Windows Analysis Report
INVOICE_MAY-888201-2024.exe

Overview

General Information

Sample name: INVOICE_MAY-888201-2024.exe
Analysis ID: 1446511
MD5: a362350a60490b6010c41ffe84f78ce6
SHA1: a24ade8b3223cfcce28218b812735341852ef15b
SHA256: 3d18d539bce573477ec1562c88686d43dbdfe29c4556946af482c3e5aa2e9e75
Tags: exe

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains potential unpacker
.NET source code contains very large strings
AI detected suspicious sample
Contains functionality to log keystrokes (.Net Source)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Outbound SMTP Connections
Uses 32bit PE files
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • INVOICE_MAY-888201-2024.exe (PID: 6928 cmdline: "C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe" MD5: A362350A60490B6010C41FFE84F78CE6)
    • INVOICE_MAY-888201-2024.exe (PID: 2516 cmdline: "C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe" MD5: A362350A60490B6010C41FFE84F78CE6)
    • INVOICE_MAY-888201-2024.exe (PID: 1868 cmdline: "C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe" MD5: A362350A60490B6010C41FFE84F78CE6)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.ipr-co.org", "Username": "info@ipr-co.org", "Password": "IPRco@100102@"}
Source: 00000003.00000002.2871663068.0000000002ADE000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Author: Joe Security
Source: 00000003.00000002.2871663068.0000000002B09000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Author: Joe Security
Source: 00000003.00000002.2869740310.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security
Source: 00000003.00000002.2869740310.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Author: Joe Security
Source: 00000003.00000002.2871663068.0000000002A91000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security

Source: 0.2.INVOICE_MAY-888201-2024.exe.3ec34e0.4.unpack, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security
Source: 0.2.INVOICE_MAY-888201-2024.exe.3ec34e0.4.unpack, Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Author: Joe Security
Source: 0.2.INVOICE_MAY-888201-2024.exe.3ec34e0.4.unpack, Rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID, Description: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Strings:
  • 0x31659:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
  • 0x316cb:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
  • 0x31755:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
  • 0x317e7:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
  • 0x31851:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
  • 0x318c3:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
  • 0x31959:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
  • 0x319e9:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
Source: 0.2.INVOICE_MAY-888201-2024.exe.416da10.3.unpack, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security
Source: 0.2.INVOICE_MAY-888201-2024.exe.416da10.3.unpack, Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Author: Joe Security

                    System Summary

                    Source: Network Connection, Author: frack113, Data: DestinationIp: 185.55.225.242, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe, Initiated: true, ProcessId: 1868, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49733
                    No Snort rule has matched


                    AV Detection

                    Source: 3.2.INVOICE_MAY-888201-2024.exe.400000.0.unpack, Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.ipr-co.org", "Username": "info@ipr-co.org", "Password": "IPRco@100102@"}
                    Source: INVOICE_MAY-888201-2024.exe, ReversingLabs: Detection: 50%
                    Source: INVOICE_MAY-888201-2024.exe, Virustotal: Detection: 37%
                    Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                    Source: INVOICE_MAY-888201-2024.exe, Joe Sandbox ML: detected
                    Source: INVOICE_MAY-888201-2024.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: INVOICE_MAY-888201-2024.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: FSJg.pdb source: INVOICE_MAY-888201-2024.exe
                    Source: Binary string: FSJg.pdbSHA256+ source: INVOICE_MAY-888201-2024.exe

                    Networking

                    Source: Yara match, File source: 0.2.INVOICE_MAY-888201-2024.exe.416da10.3.raw.unpack, type: UNPACKEDPE
                    Source: global traffic, TCP traffic: 192.168.2.4:49733 -> 185.55.225.242:587
                    Source: Joe Sandbox View, IP Address: 185.55.225.242
                    Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global traffic, DNS traffic detected: DNS query: mail.ipr-co.org
                    Source: global traffic, DNS traffic detected: DNS query: 18.31.95.13.in-addr.arpa

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

                    Source: 0.2.INVOICE_MAY-888201-2024.exe.3ec34e0.4.raw.unpack, R1W.cs, .Net Code: Rf5bBq
                    Source: 0.2.INVOICE_MAY-888201-2024.exe.416da10.3.raw.unpack, R1W.cs, .Net Code: Rf5bBq

                    System Summary

                    Source: 0.2.INVOICE_MAY-888201-2024.exe.3ec34e0.4.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                    Source: 0.2.INVOICE_MAY-888201-2024.exe.416da10.3.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                    Source: 0.2.INVOICE_MAY-888201-2024.exe.3ec34e0.4.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                    Source: 3.2.INVOICE_MAY-888201-2024.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                    Source: 0.2.INVOICE_MAY-888201-2024.exe.416da10.3.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                    Source: INVOICE_MAY-888201-2024.exe, MainForm.cs, Long String: Length: 150953
                    Source: initial sample, Static PE information: Filename: INVOICE_MAY-888201-2024.exe
                    Source: INVOICE_MAY-888201-2024.exe, 00000000.00000002.1653826040.0000000002EB1000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamed18eca6f-bc3e-402d-bb4c-39672b1f82f2.exe4 vs INVOICE_MAY-888201-2024.exe
                    Source: INVOICE_MAY-888201-2024.exe, 00000000.00000002.1652144239.00000000010DE000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameclr.dllT vs INVOICE_MAY-888201-2024.exe
                    Source: INVOICE_MAY-888201-2024.exe, 00000000.00000002.1654398090.00000000040E6000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamed18eca6f-bc3e-402d-bb4c-39672b1f82f2.exe4 vs INVOICE_MAY-888201-2024.exe
                    Source: INVOICE_MAY-888201-2024.exe, 00000000.00000002.1654398090.00000000040E6000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameTyrone.dll8 vs INVOICE_MAY-888201-2024.exe
                    Source: INVOICE_MAY-888201-2024.exe, 00000000.00000002.1657777470.00000000074C0000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs INVOICE_MAY-888201-2024.exe
                    Source: INVOICE_MAY-888201-2024.exe, 00000000.00000000.1619612043.0000000000B68000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFilenameFSJg.exeN vs INVOICE_MAY-888201-2024.exe
                    Source: INVOICE_MAY-888201-2024.exe, 00000000.00000002.1654398090.0000000003E79000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamed18eca6f-bc3e-402d-bb4c-39672b1f82f2.exe4 vs INVOICE_MAY-888201-2024.exe
                    Source: INVOICE_MAY-888201-2024.exe, 00000000.00000002.1658919197.0000000007AF0000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameTyrone.dll8 vs INVOICE_MAY-888201-2024.exe
                    Source: INVOICE_MAY-888201-2024.exe, 00000003.00000002.2870066515.0000000000AF9000.00000004.00000010.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameUNKNOWN_FILET vs INVOICE_MAY-888201-2024.exe
                    Source: INVOICE_MAY-888201-2024.exe, 00000003.00000002.2869740310.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamed18eca6f-bc3e-402d-bb4c-39672b1f82f2.exe4 vs INVOICE_MAY-888201-2024.exe
                    Source: INVOICE_MAY-888201-2024.exe, Binary or memory string: OriginalFilenameFSJg.exeN vs INVOICE_MAY-888201-2024.exe
                    Source: INVOICE_MAY-888201-2024.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 0.2.INVOICE_MAY-888201-2024.exe.3ec34e0.4.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.INVOICE_MAY-888201-2024.exe.416da10.3.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.INVOICE_MAY-888201-2024.exe.3ec34e0.4.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 3.2.INVOICE_MAY-888201-2024.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.INVOICE_MAY-888201-2024.exe.416da10.3.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.INVOICE_MAY-888201-2024.exe.3ec34e0.4.raw.unpack, KLhJmaON.cs, Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.INVOICE_MAY-888201-2024.exe.3ec34e0.4.raw.unpack, 7hO8luD.cs, Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.INVOICE_MAY-888201-2024.exe.3ec34e0.4.raw.unpack, 9HIFdl.cs, Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.INVOICE_MAY-888201-2024.exe.3ec34e0.4.raw.unpack, 9HIFdl.cs, Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                    Source: 0.2.INVOICE_MAY-888201-2024.exe.42672e0.5.raw.unpack, BJqXKI3HWiVSLZ0xpk.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.INVOICE_MAY-888201-2024.exe.42e3900.2.raw.unpack, Rr81Etym4NnXSl69Xm.cs, Security API names: _0020.SetAccessControl
                    Source: 0.2.INVOICE_MAY-888201-2024.exe.42e3900.2.raw.unpack, Rr81Etym4NnXSl69Xm.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.INVOICE_MAY-888201-2024.exe.42e3900.2.raw.unpack, Rr81Etym4NnXSl69Xm.cs, Security API names: _0020.AddAccessRule
                    Source: 0.2.INVOICE_MAY-888201-2024.exe.7af0000.8.raw.unpack, BJqXKI3HWiVSLZ0xpk.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.INVOICE_MAY-888201-2024.exe.42672e0.5.raw.unpack, Rr81Etym4NnXSl69Xm.cs, Security API names: _0020.SetAccessControl
                    Source: 0.2.INVOICE_MAY-888201-2024.exe.42672e0.5.raw.unpack, Rr81Etym4NnXSl69Xm.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.INVOICE_MAY-888201-2024.exe.42672e0.5.raw.unpack, Rr81Etym4NnXSl69Xm.cs, Security API names: _0020.AddAccessRule
                    Source: 0.2.INVOICE_MAY-888201-2024.exe.7af0000.8.raw.unpack, Rr81Etym4NnXSl69Xm.cs, Security API names: _0020.SetAccessControl
                    Source: 0.2.INVOICE_MAY-888201-2024.exe.7af0000.8.raw.unpack, Rr81Etym4NnXSl69Xm.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.INVOICE_MAY-888201-2024.exe.7af0000.8.raw.unpack, Rr81Etym4NnXSl69Xm.cs, Security API names: _0020.AddAccessRule
                    Source: 0.2.INVOICE_MAY-888201-2024.exe.42e3900.2.raw.unpack, BJqXKI3HWiVSLZ0xpk.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.INVOICE_MAY-888201-2024.exe.2ea14ac.1.raw.unpack, ReactionVessel.cs, Suspicious method names: .ReactionVessel.Inject
                    Source: 0.2.INVOICE_MAY-888201-2024.exe.5af0000.6.raw.unpack, ReactionVessel.cs, Suspicious method names: .ReactionVessel.Inject
                    Source: 0.2.INVOICE_MAY-888201-2024.exe.2eb14c4.0.raw.unpack, ReactionVessel.cs, Suspicious method names: .ReactionVessel.Inject
                    Source: INVOICE_MAY-888201-2024.exe, 00000000.00000002.1652144239.0000000001119000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: TPConfigSnapshot.snp.VBPw
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@5/1@2/1
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\INVOICE_MAY-888201-2024.exe.logJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeMutant created: NULL
                    Source: INVOICE_MAY-888201-2024.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: INVOICE_MAY-888201-2024.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: INVOICE_MAY-888201-2024.exeReversingLabs: Detection: 50%
                    Source: INVOICE_MAY-888201-2024.exeVirustotal: Detection: 37%
                    Source: INVOICE_MAY-888201-2024.exeString found in binary or memory: Form3!Types of Squares-Startup life evolution%Genetic AlgorithmsyPopulation: chromosomes encoding starting cell and movementsYOperators: selection, crossover and mutation
                    Source: INVOICE_MAY-888201-2024.exeString found in binary or memory: Source code available on Github under MIT license: https://github.com/romenrg/genetic-startups
                    Source: unknownProcess created: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe "C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe"
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeProcess created: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe "C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe"
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: apphelp.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: version.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: wldp.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: profapi.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: dwrite.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: amsi.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: userenv.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: windowscodecs.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: wbemcomn.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: vaultcli.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: wintypes.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: iphlpapi.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: dnsapi.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: dhcpcsvc6.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: dhcpcsvc.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: winnsi.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: mswsock.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: rasadhlp.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: fwpuclnt.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: secur32.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: schannel.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: mskeyprotect.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: ntasn1.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: ncrypt.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeSection loaded: ncryptsslp.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
                    Source: INVOICE_MAY-888201-2024.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: INVOICE_MAY-888201-2024.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: INVOICE_MAY-888201-2024.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Source: Binary string: FSJg.pdb source: INVOICE_MAY-888201-2024.exe
                    Source: Binary string: FSJg.pdbSHA256+ source: INVOICE_MAY-888201-2024.exe

                    Data Obfuscation

                    Source: INVOICE_MAY-888201-2024.exe, MainForm.cs.Net Code: createBasicLayout
                    Source: 0.2.INVOICE_MAY-888201-2024.exe.42672e0.5.raw.unpack, Rr81Etym4NnXSl69Xm.cs.Net Code: HZEGldaUFE System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.INVOICE_MAY-888201-2024.exe.42e3900.2.raw.unpack, Rr81Etym4NnXSl69Xm.cs.Net Code: HZEGldaUFE System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.INVOICE_MAY-888201-2024.exe.74c0000.7.raw.unpack, LoginForm.cs.Net Code: _206B_206C_202A_202D_206F_206F_206C_202D_206A_202A_200B_206C_206E_206A_206D_206B_202C_206E_200C_206F_200D_206D_200C_200F_202C_206C_202E_206B_202B_202E_206E_206B_206B_206D_206C_202C_200D_202E_202C_200E_202E System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.INVOICE_MAY-888201-2024.exe.7af0000.8.raw.unpack, Rr81Etym4NnXSl69Xm.cs.Net Code: HZEGldaUFE System.Reflection.Assembly.Load(byte[])
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeCode function: 0_2_0162F0B2 pushad ; iretd 0_2_0162F0B9
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeCode function: 0_2_054B8678 push eax; mov dword ptr [esp], ecx0_2_054B867C
                    Source: INVOICE_MAY-888201-2024.exeStatic PE information: section name: .text entropy: 6.9718122606002035
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    Source: Yara match File source: Process Memory Space: INVOICE_MAY-888201-2024.exe PID: 6928, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Memory allocated: 1620000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Memory allocated: 2E70000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Memory allocated: 4E70000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Memory allocated: 7C70000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Memory allocated: 8C70000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Memory allocated: 8E20000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Memory allocated: 9E20000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Memory allocated: D20000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Memory allocated: 2A90000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Memory allocated: 1070000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Window / User API: threadDelayed 5114
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Window / User API: threadDelayed 3073
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 7000 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -27670116110564310s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -100000s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1744 Thread sleep count: 5114 > 30
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1744 Thread sleep count: 3073 > 30
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -99875s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -99765s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -99656s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -99546s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -99437s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -99328s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -99205s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -99076s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -98956s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -98814s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -98527s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -98418s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -98303s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -98187s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -98078s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -97968s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -97859s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -97750s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -97640s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -97528s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -97422s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -97299s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -97172s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -97047s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -96937s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -96828s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -96718s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -96609s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -96498s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -96390s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -96275s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -96172s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -96047s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -95861s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -95697s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -95577s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -95413s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -95312s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -95203s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -95093s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -94984s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe TID: 1856 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 100000
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 99875
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 99765
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 99656
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 99546
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 99437
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 99328
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 99205
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 99076
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 98956
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 98814
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 98527
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 98418
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 98303
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 98187
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 98078
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 97968
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 97859
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 97750
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 97640
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 97528
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 97422
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 97299
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 97172
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 97047
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 96937
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 96828
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 96718
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 96609
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 96498
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 96390
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 96275
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 96172
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 96047
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 95861
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 95697
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 95577
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 95413
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 95312
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 95203
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 95093
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Thread delayed: delay time: 94984
                    Source: INVOICE_MAY-888201-2024.exe, 00000000.00000002.1654398090.00000000040E6000.00000004.00000800.00020000.00000000.sdmp, INVOICE_MAY-888201-2024.exe, 00000000.00000002.1654398090.0000000003E79000.00000004.00000800.00020000.00000000.sdmp, INVOICE_MAY-888201-2024.exe, 00000003.00000002.2869740310.0000000000402000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: hgfsZrw6
                    Source: INVOICE_MAY-888201-2024.exe, 00000003.00000002.2870609630.0000000000DE5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllE
                    Source: INVOICE_MAY-888201-2024.exe, 00000000.00000002.1658919197.0000000007AF0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: R0vmCit3ZF
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Process information queried: ProcessInformation
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Memory allocated: page read and write | page guard

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Memory written: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Process created: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe "C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe"
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Queries volume information: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe VolumeInformation
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                    Stealing of Sensitive Information

                    Source: Yara match File source: 0.2.INVOICE_MAY-888201-2024.exe.3ec34e0.4.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.INVOICE_MAY-888201-2024.exe.416da10.3.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.INVOICE_MAY-888201-2024.exe.3ec34e0.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 3.2.INVOICE_MAY-888201-2024.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.INVOICE_MAY-888201-2024.exe.416da10.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000003.00000002.2871663068.0000000002ADE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000003.00000002.2871663068.0000000002B09000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000003.00000002.2869740310.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000003.00000002.2871663068.0000000002A91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1654398090.0000000003E79000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1654398090.00000000040E6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: INVOICE_MAY-888201-2024.exe PID: 6928, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: INVOICE_MAY-888201-2024.exe PID: 1868, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe, File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe, File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe, File opened: C:\FTP Navigator\Ftplist.txt
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe, File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe, Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities

                    Remote Access Functionality

                    Source: Yara match, File source: 0.2.INVOICE_MAY-888201-2024.exe.3ec34e0.4.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.INVOICE_MAY-888201-2024.exe.416da10.3.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.INVOICE_MAY-888201-2024.exe.3ec34e0.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 3.2.INVOICE_MAY-888201-2024.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.INVOICE_MAY-888201-2024.exe.416da10.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 00000003.00000002.2871663068.0000000002ADE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000003.00000002.2871663068.0000000002B09000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000003.00000002.2869740310.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000003.00000002.2871663068.0000000002A91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.1654398090.0000000003E79000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.1654398090.00000000040E6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: Process Memory Space: INVOICE_MAY-888201-2024.exe PID: 6928, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: INVOICE_MAY-888201-2024.exe PID: 1868, type: MEMORYSTR
                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                    Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 111 Process Injection | 1 Deobfuscate/Decode Files or Information | 1 Input Capture | 24 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
                    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | 1 Credentials in Registry | 1 Query Registry | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Software Packing | NTDS | 111 Security Software Discovery | Distributed Component Object Model | 1 Input Capture | 11 Application Layer Protocol | Traffic Duplication | Data Destruction
                    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 141 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 141 Virtualization/Sandbox Evasion | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 111 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement

                    Source | Detection | Scanner | Label
                    INVOICE_MAY-888201-2024.exe | 50% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla
                    INVOICE_MAY-888201-2024.exe | 38% | Virustotal |
                    INVOICE_MAY-888201-2024.exe | 100% | Joe Sandbox ML |
                    No Antivirus matches
                    No Antivirus matches
                    Source | Detection | Scanner | Label
                    ipr-co.org | 0% | Virustotal |
                    18.31.95.13.in-addr.arpa | 1% | Virustotal |
                    mail.ipr-co.org | 0% | Virustotal |
                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    ipr-co.org | 185.55.225.242 | true | false | | unknown
                    mail.ipr-co.org | unknown | unknown | true | | unknown
                    18.31.95.13.in-addr.arpa | unknown | unknown | false | | unknown
                    IP | Domain | Country | ASN | ASN Name | Malicious
                    185.55.225.242 | ipr-co.org | Iran (ISLAMIC Republic Of) | 201999 | SERVERPARSIR | false
                    Joe Sandbox version:40.0.0 Tourmaline
                    Analysis ID:1446511
                    Start date and time:2024-05-23 15:20:09 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 6m 23s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:9
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:INVOICE_MAY-888201-2024.exe
                    Detection:MAL
                    Classification:mal100.troj.spyw.evad.winEXE@5/1@2/1
                    EGA Information:
                    • Successful, ratio: 100%
                    HCA Information:
                    • Successful, ratio: 99%
                    • Number of executed functions: 280
                    • Number of non-executed functions: 10
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    Time | Type | Description
                    09:20:57 | API Interceptor | 43x Sleep call for process: INVOICE_MAY-888201-2024.exe modified
                    Match | Associated Sample Name / URL | Detection | Threat Name
                    185.55.225.242 | SecuriteInfo.com.Win32.PWSX-gen.15208.17708.exe | malicious | AgentTesla
                    185.55.225.242 | 826d8202d71324a5d3b0b76f33e8633d791e0cd0e8d1130c03a612458f9d7d77_dump.exe | malicious | AgentTesla
                    185.55.225.242 | PO#7A68D23.exe | malicious | AgentTesla
                    185.55.225.242 | SecuriteInfo.com.Win32.TrojanX-gen.4972.30087.exe | malicious | AgentTesla, PureLog Stealer
                    185.55.225.242 | 02cfb7e952177524257b4d3ef4f7f30c3b4ef2d321cedf21ab70ae617c3ccf41_dump.exe | malicious | AgentTesla
                    185.55.225.242 | TS-240514-UF3.exe | malicious | AgentTesla, PureLog Stealer
                    185.55.225.242 | INVOICE KAD-0138-2024.exe | malicious | AgentTesla, PureLog Stealer
                    185.55.225.242 | Documents for shipping PI BL PL.exe | malicious | AgentTesla, PureLog Stealer
                    185.55.225.242 | SecuriteInfo.com.Win32.PWSX-gen.1728.1300.exe | malicious | AgentTesla
                    185.55.225.242 | IaxmVY8bvT.exe | malicious | AgentTesla
                    Match | Associated Sample Name / URL | Detection | Threat Name | Context
                    SERVERPARSIR | SecuriteInfo.com.Win32.PWSX-gen.15208.17708.exe | malicious | AgentTesla | 185.55.225.242
                    SERVERPARSIR | 826d8202d71324a5d3b0b76f33e8633d791e0cd0e8d1130c03a612458f9d7d77_dump.exe | malicious | AgentTesla | 185.55.225.242
                    SERVERPARSIR | PO#7A68D23.exe | malicious | AgentTesla | 185.55.225.242
                    SERVERPARSIR | SecuriteInfo.com.Win32.TrojanX-gen.4972.30087.exe | malicious | AgentTesla, PureLog Stealer | 185.55.225.242
                    SERVERPARSIR | 02cfb7e952177524257b4d3ef4f7f30c3b4ef2d321cedf21ab70ae617c3ccf41_dump.exe | malicious | AgentTesla | 185.55.225.242
                    SERVERPARSIR | TS-240514-UF3.exe | malicious | AgentTesla, PureLog Stealer | 185.55.225.242
                    SERVERPARSIR | order pdf.exe | malicious | Snake Keylogger | 185.159.153.113
                    SERVERPARSIR | INVOICE KAD-0138-2024.exe | malicious | AgentTesla, PureLog Stealer | 185.55.225.242
                    SERVERPARSIR | Documents for shipping PI BL PL.exe | malicious | AgentTesla, PureLog Stealer | 185.55.225.242
                    SERVERPARSIR | SecuriteInfo.com.Win32.PWSX-gen.1728.1300.exe | malicious | AgentTesla | 185.55.225.242
                                        Process:C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):1216
                                        Entropy (8bit):5.34331486778365
                                        Encrypted:false
                                        SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                        MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                        SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                        SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                        SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                        Malicious:false
                                        Reputation:high, very likely benign file
                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Entropy (8bit):6.965789800275949
                                        TrID:
                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                        • Win32 Executable (generic) a (10002005/4) 49.75%
                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                        • Windows Screen Saver (13104/52) 0.07%
                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                        File name:INVOICE_MAY-888201-2024.exe
                                        File size:939'520 bytes
                                        MD5:a362350a60490b6010c41ffe84f78ce6
                                        SHA1:a24ade8b3223cfcce28218b812735341852ef15b
                                        SHA256:3d18d539bce573477ec1562c88686d43dbdfe29c4556946af482c3e5aa2e9e75
                                        SHA512:5297e4fb3d52862ac979bbf6d504fcdffb84b2a3457356ba8c2ac97064ef36f03906c00c78c94cf820f097d5f400ad6a56607bd75331a0311374e8c9e898cd56
                                        SSDEEP:12288:c/ZitHOWilim4McpWg0CA3tSwXUVlWXQw0:SZiBOWib4vpWgUlXdf
                                        TLSH:13159F3D18FD2A229160D6A4CFE0C663F110F4FA3963992299D24755074BE9BBDC327E
                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Nf..............0..L...........k... ........@.. ....................................@................................
                                        Icon Hash:90cececece8e8eb0
                                        Entrypoint:0x4e6bd2
                                        Entrypoint Section:.text
                                        Digitally signed:false
                                        Imagebase:0x400000
                                        Subsystem:windows gui
                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                        Time Stamp:0x664EEC1C [Thu May 23 07:11:24 2024 UTC]
                                        TLS Callbacks:
                                        CLR (.Net) Version:
                                        OS Version Major:4
                                        OS Version Minor:0
                                        File Version Major:4
                                        File Version Minor:0
                                        Subsystem Version Major:4
                                        Subsystem Version Minor:0
                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                        Instruction
                                        jmp dword ptr [00402000h]
                                        add byte ptr [eax], al
                                        Name | Virtual Address | Virtual Size | Is in Section
                                        IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_IMPORT | 0xe6b7d | 0x4f | .text
                                        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xe8000 | 0x5d4 | .rsrc
                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xea000 | 0xc | .reloc
                                        IMAGE_DIRECTORY_ENTRY_DEBUG | 0xe4724 | 0x54 | .text
                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                        Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                        .text | 0x2000 | 0xe4bd8 | 0xe4c00 | 92f36c122f3edaabc6e5cba42134fa57 | False | 0.6973936987704918 | data | 6.9718122606002035 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                        .rsrc | 0xe8000 | 0x5d4 | 0x600 | 625eef7c947577a583ba2c7e6504af0b | False | 0.4283854166666667 | data | 4.154134310628926 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                        .reloc | 0xea000 | 0xc | 0x200 | 74ace239a9799cf06d03fcf5d9dcf7db | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                        Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                        RT_VERSION | 0xe8090 | 0x344 | data | | | 0.4270334928229665
                                        RT_MANIFEST | 0xe83e4 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
                                        DLL | Import
                                        mscoree.dll | _CorExeMain
                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                        May 23, 2024 15:20:59.606080055 CEST | 60262 | 53 | 192.168.2.4 | 1.1.1.1
                                        May 23, 2024 15:20:59.991370916 CEST | 53 | 60262 | 1.1.1.1 | 192.168.2.4
                                        May 23, 2024 15:21:29.892906904 CEST | 53 | 58217 | 162.159.36.2 | 192.168.2.4
                                        May 23, 2024 15:21:30.444938898 CEST | 61033 | 53 | 192.168.2.4 | 1.1.1.1
                                        May 23, 2024 15:21:30.493484974 CEST | 53 | 61033 | 1.1.1.1 | 192.168.2.4
                                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                        May 23, 2024 15:20:59.606080055 CEST | 192.168.2.4 | 1.1.1.1 | 0x3cde | Standard query (0) | mail.ipr-co.org | A (IP address) | IN (0x0001) | false
                                        May 23, 2024 15:21:30.444938898 CEST | 192.168.2.4 | 1.1.1.1 | 0x2e08 | Standard query (0) | 18.31.95.13.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false
                                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                        May 23, 2024 15:20:59.991370916 CEST | 1.1.1.1 | 192.168.2.4 | 0x3cde | No error (0) | mail.ipr-co.org | ipr-co.org | | CNAME (Canonical name) | IN (0x0001) | false
                                        May 23, 2024 15:20:59.991370916 CEST | 1.1.1.1 | 192.168.2.4 | 0x3cde | No error (0) | ipr-co.org | | 185.55.225.242 | A (IP address) | IN (0x0001) | false
                                        May 23, 2024 15:21:30.493484974 CEST | 1.1.1.1 | 192.168.2.4 | 0x2e08 | Name error (3) | 18.31.95.13.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false
                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
                                        May 23, 2024 15:21:01.078222036 CEST | 587 | 49733 | 185.55.225.242 | 192.168.2.4 | 220-irpro5.dnswebhost.com ESMTP Exim 4.96.2 #2 Thu, 23 May 2024 16:51:00 +0330
                                        220-We do not authorize the use of this system to transport unsolicited,
                                        220 and/or bulk e-mail.
                                        May 23, 2024 15:21:01.079888105 CEST | 49733 | 587 | 192.168.2.4 | 185.55.225.242 | EHLO 888683
                                        May 23, 2024 15:21:01.379375935 CEST | 587 | 49733 | 185.55.225.242 | 192.168.2.4 | 250-irpro5.dnswebhost.com Hello 888683 [8.46.123.175]
                                        250-SIZE 52428800
                                        250-8BITMIME
                                        250-PIPELINING
                                        250-PIPECONNECT
                                        250-AUTH PLAIN LOGIN
                                        250-STARTTLS
                                        250 HELP
                                        May 23, 2024 15:21:01.379582882 CEST | 49733 | 587 | 192.168.2.4 | 185.55.225.242 | STARTTLS
                                        May 23, 2024 15:21:01.703684092 CEST | 587 | 49733 | 185.55.225.242 | 192.168.2.4 | 220 TLS go ahead

                                        Target ID:0
                                        Start time:09:20:54
                                        Start date:23/05/2024
                                        Path:C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe"
                                        Imagebase:0xa80000
                                        File size:939'520 bytes
                                        MD5 hash:A362350A60490B6010C41FFE84F78CE6
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1654398090.0000000003E79000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1654398090.0000000003E79000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1654398090.00000000040E6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1654398090.00000000040E6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:low
                                        Has exited:true

                                        Target ID:2
                                        Start time:09:20:57
                                        Start date:23/05/2024
                                        Path:C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe
                                        Wow64 process (32bit):false
                                        Commandline:"C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe"
                                        Imagebase:0x320000
                                        File size:939'520 bytes
                                        MD5 hash:A362350A60490B6010C41FFE84F78CE6
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:low
                                        Has exited:true

                                        Target ID:3
                                        Start time:09:20:57
                                        Start date:23/05/2024
                                        Path:C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\INVOICE_MAY-888201-2024.exe"
                                        Imagebase:0x5e0000
                                        File size:939'520 bytes
                                        MD5 hash:A362350A60490B6010C41FFE84F78CE6
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.2871663068.0000000002ADE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.2871663068.0000000002B09000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.2869740310.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.2869740310.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.2871663068.0000000002A91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.2871663068.0000000002A91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:low
                                        Has exited:false

                                          Execution Graph

                                          Execution Coverage:11%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:0%
                                          Total number of Nodes:180
                                          Total number of Limit Nodes:7

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: $^q$$^q$5$z-,
                                          • API String ID: 0-1755758331
                                          • Opcode ID: 0a9a963f7d36802b53e2926186c02554ecc1bfa7b4c1bb42cf9a30d9f173df85
                                          • Instruction ID: e6fb1801af3e0033817e44393daa24f3c4629e54cd855f8c68bb2276f1235554
                                          • Opcode Fuzzy Hash: 0a9a963f7d36802b53e2926186c02554ecc1bfa7b4c1bb42cf9a30d9f173df85
                                          • Instruction Fuzzy Hash: C31225B4E1521DCFDB24CFA9D9946DDFBB2BB8A300F10946AD40ABB254DB309941CF24

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: $^q$5$z-,
                                          • API String ID: 0-2605771091
                                          • Opcode ID: 8962087863c0c6ea9b9bd68660e05882a15e48829d63997bfba26db0b6b1cd6a
                                          • Instruction ID: 9ec3cc311d77d22a5ae4f5225fa70af2c0302bb390f52b491797076ab7fa745a
                                          • Opcode Fuzzy Hash: 8962087863c0c6ea9b9bd68660e05882a15e48829d63997bfba26db0b6b1cd6a
                                          • Instruction Fuzzy Hash: 9102F4B4E11219CFDB64CFA9D9946DDFBB2BB89300F10D46AD40ABB254DB349941CF24

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: $^q$$^q$$^q
                                          • API String ID: 0-831282457
                                          • Opcode ID: c4655f98a2be5051145233a2539342b1dee3faaba44a72a62b5285f65604b99b
                                          • Instruction ID: e7b7140fd1c8694558bef1e7d4bfa44760624e169001da6ed817ae19d3b3528a
                                          • Opcode Fuzzy Hash: c4655f98a2be5051145233a2539342b1dee3faaba44a72a62b5285f65604b99b
                                          • Instruction Fuzzy Hash: 9E81AF74E1132DCFDB64DFA5D954B9DBBB2BB89200F1085AAD40AAB354DB305E85CF20

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: UJ$yO6
                                          • API String ID: 0-870398751
                                          • Opcode ID: d59310000b4c7b2c5ac055fbadab31834fa05d212f812c33b92df271a122b960
                                          • Instruction ID: b216c3d0eccc5b182ecfe80e033f4bfc078ab0e744c2728bf9da03ca3713c481
                                          • Opcode Fuzzy Hash: d59310000b4c7b2c5ac055fbadab31834fa05d212f812c33b92df271a122b960
                                          • Instruction Fuzzy Hash: 8EB1E8B1D15219DBCF28CFA6D9809DEFBB2BF89310F10982AD415AB264DB349906CF51

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: UJ$yO6
                                          • API String ID: 0-870398751
                                          • Opcode ID: 8204dfc6a95b29a4b32e4e5e6b84ccdf8d8f7a4514ae8b2182c19914dcb35c19
                                          • Instruction ID: 22260c900129871ea3b182259cd426be037a14d706e1acba9fefa68c42481485
                                          • Opcode Fuzzy Hash: 8204dfc6a95b29a4b32e4e5e6b84ccdf8d8f7a4514ae8b2182c19914dcb35c19
                                          • Instruction Fuzzy Hash: D4B1F7B1D15219DFCB18CFA6D9809DEFBB2BF89200F10D92AD415EB264DB349906CF51

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: !>c8$%)Y
                                          • API String ID: 0-2922296349
                                          • Opcode ID: 34e909578de6ff28fcea9ce1f955846fe3bd0370b373939d55809b30f43743d3
                                          • Instruction ID: 55798a2415817c438525dc1ae9ba67c2724c30e1686e81af3616194350936375
                                          • Opcode Fuzzy Hash: 34e909578de6ff28fcea9ce1f955846fe3bd0370b373939d55809b30f43743d3
                                          • Instruction Fuzzy Hash: 328125B0D15619EFCB18CFA6E5819DEFBB2FF89310F10942AE415AB224D7309942CF55

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: !>c8$%)Y
                                          • API String ID: 0-2922296349
                                          • Opcode ID: 5bddbd073b4d3aaec6c30eeb7e17fa80e10e27eab58f974e134a9889f454ed66
                                          • Instruction ID: 14dde709e9c0262c4fc19e2c580c8ce8340311736cf84a561bd6e3ba54c03783
                                          • Opcode Fuzzy Hash: 5bddbd073b4d3aaec6c30eeb7e17fa80e10e27eab58f974e134a9889f454ed66
                                          • Instruction Fuzzy Hash: DC8137B1D1561AEFCB18CFA6E5805DEFBB2FF89310F10942AE415AB224D7309942CF55
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: $^q
                                          • API String ID: 0-388095546
                                          • Opcode ID: fa50dd12b312dec12783b3a7a181ee353152666cd221c82f75d9fd71cbe98300
                                          • Instruction ID: 0bf034149ada9d7f6db16065b60ed2facdc36965363899b185585f7d5885d4f1
                                          • Opcode Fuzzy Hash: fa50dd12b312dec12783b3a7a181ee353152666cd221c82f75d9fd71cbe98300
                                          • Instruction Fuzzy Hash: 64710474E1125DCFDB64CFA5C954BDDBBB2BB89300F1085AAD40AAB254DB309981CF24
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: $^q
                                          • API String ID: 0-388095546
                                          • Opcode ID: 6344e8e2ebce30a4c475a63b4d49564dfeac5611fbb7c6b9b0f46fd9371c5ea1
                                          • Instruction ID: 582bf54921886e0ba5357bb018dbdeb800ec1e30a348e2e003323edfb191d2e1
                                          • Opcode Fuzzy Hash: 6344e8e2ebce30a4c475a63b4d49564dfeac5611fbb7c6b9b0f46fd9371c5ea1
                                          • Instruction Fuzzy Hash: E0711474E1125DCFDB64CFA9C954BDDBBB2BB89300F1085AAD40AAB254DB309981CF24
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1658700512.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7840000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2ea448ed30771d992ac14f5dbed34130efc185a3eb42713ebdfde0da5c2e300a
                                          • Instruction ID: 4ef91dfd5d59ab0022cb5d02ba1b6af0a709f8656ca726249cd33e4cd244b2f6
                                          • Opcode Fuzzy Hash: 2ea448ed30771d992ac14f5dbed34130efc185a3eb42713ebdfde0da5c2e300a
                                          • Instruction Fuzzy Hash: 44D1CCB17016598FDB29DFB9C810B6EB7FBAF99200F14446DD009CB694DBB5D802CB92
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 95440d587df0400a24128e32d666b9cdf4ef617b4f4c9d8b082b765ed7e9ec0f
                                          • Instruction ID: 1c398b56503cfc326475665e85ea39a6d4d158b487eb2073c7e876fe53a04f90
                                          • Opcode Fuzzy Hash: 95440d587df0400a24128e32d666b9cdf4ef617b4f4c9d8b082b765ed7e9ec0f
                                          • Instruction Fuzzy Hash: 5B4147B4D10219DFCB44CFA9D5456EEFBF6FB89300F109826D424A7264D7346A42CF60

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: LR^q$LR^q$P$$^q
                                          • API String ID: 0-267310105
                                          • Opcode ID: f7e2faa235684791a8076ea01e7ddca7cc88e8b7d016c32d8d77deb04e461f10
                                          • Instruction ID: c47fe88c7284de04edc52e447bb49523ccb1d6ca32188da24ab1fa256214497b
                                          • Opcode Fuzzy Hash: f7e2faa235684791a8076ea01e7ddca7cc88e8b7d016c32d8d77deb04e461f10
                                          • Instruction Fuzzy Hash: 144101B0B50195CBCF28CFAC94442FEBBB1AB45214F184A6BE5119B283CA308D56CB65

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Hbq$Hbq
                                          • API String ID: 0-4258043069
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (bq$Hbq
                                          • API String ID: 0-4081012451
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Te^q$Te^q
                                          • API String ID: 0-3743469327
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'^q$4'^q
                                          • API String ID: 0-2697143702
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'^q$4'^q
                                          • API String ID: 0-2697143702
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Hbq$Hbq
                                          • API String ID: 0-4258043069
                                          APIs
                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 078415DE
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1658700512.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7840000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID: CreateProcess
                                          • String ID:
                                          • API String ID: 963392458-0
                                          APIs
                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 078415DE
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1658700512.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7840000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID: CreateProcess
                                          • String ID:
                                          • API String ID: 963392458-0
                                          APIs
                                          • CreateActCtxA.KERNEL32(?), ref: 016259C9
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1652738862.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1620000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID: Create
                                          • String ID:
                                          • API String ID: 2289755597-0
                                          APIs
                                          • CreateActCtxA.KERNEL32(?), ref: 016259C9
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1652738862.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1620000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID: Create
                                          • String ID:
                                          • API String ID: 2289755597-0
                                          APIs
                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07840DB0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1658700512.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7840000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID: MemoryProcessWrite
                                          • String ID:
                                          • API String ID: 3559483778-0
                                          APIs
                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 078407CE
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1658700512.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7840000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID: ContextThreadWow64
                                          • String ID:
                                          • API String ID: 983334009-0
                                          APIs
                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07840DB0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1658700512.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7840000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID: MemoryProcessWrite
                                          • String ID:
                                          • API String ID: 3559483778-0
                                          APIs
                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07840E90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1658700512.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7840000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID: MemoryProcessRead
                                          • String ID:
                                          • API String ID: 1726664587-0
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0162D3E6,?,?,?,?,?), ref: 0162D4A7
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1652738862.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1620000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          APIs
                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 0162B47E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1652738862.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1620000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID: HandleModule
                                          • String ID:
                                          • API String ID: 4139908857-0
                                          APIs
                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 078407CE
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1658700512.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7840000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID: ContextThreadWow64
                                          • String ID:
                                          • API String ID: 983334009-0
                                          APIs
                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07840E90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1658700512.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7840000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID: MemoryProcessRead
                                          • String ID:
                                          • API String ID: 1726664587-0
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0162D3E6,?,?,?,?,?), ref: 0162D4A7
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1652738862.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1620000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          APIs
                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07840CCE
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1658700512.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7840000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1658700512.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7840000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID:
                                          • API String ID: 947044025-0
                                          APIs
                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0162B4F9,00000800,00000000,00000000), ref: 0162B70A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1652738862.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1620000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0
                                          APIs
                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07840CCE
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1658700512.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7840000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          APIs
                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0162B4F9,00000800,00000000,00000000), ref: 0162B70A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1652738862.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1620000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0
                                          APIs
                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 0784378D
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1658700512.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7840000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID: MessagePost
                                          • String ID:
                                          • API String ID: 410705778-0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1658700512.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7840000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID:
                                          • API String ID: 947044025-0
                                          APIs
                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 0162B47E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1652738862.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1620000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID: HandleModule
                                          • String ID:
                                          • API String ID: 4139908857-0
                                          APIs
                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 0784378D
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1658700512.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7840000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID: MessagePost
                                          • String ID:
                                          • API String ID: 410705778-0
                                          • Instruction ID: 23451d80dd398dca8c183bfd74cd8e1d306dc9bbde77f78a83900334f228c56f
                                          • Opcode Fuzzy Hash: 67ea786d907444d075c46a03f8a1c2a6d383261b7d865bad290632e6bbbabf84
                                          • Instruction Fuzzy Hash: F471C4B4A05216CFDB44CF69D584999FBF5FF48300B0986AAE80ADB312D770E885CF90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0b689bbe3fe270999d44dbc60691474c4cfb781096099d0b4a3a781c09e5b1ac
                                          • Instruction ID: d6965de67d9280113d6bc44e94e27293effb77a9edbc765165fb626c9cbdf5f7
                                          • Opcode Fuzzy Hash: 0b689bbe3fe270999d44dbc60691474c4cfb781096099d0b4a3a781c09e5b1ac
                                          • Instruction Fuzzy Hash: 00518130B046158FDB14DB69C594BEAB7B6EF88300F1444AED50ACB7A0CBB5EC01CBA0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c8a43b1cda19e2d01d6e89833869cfbce0c2c23a617d175cf5fd2bacca3b5908
                                          • Instruction ID: e6e7dad500dabef532e74ae945a1ac4e73061bbc8b2951e8f049dcc3378d05f2
                                          • Opcode Fuzzy Hash: c8a43b1cda19e2d01d6e89833869cfbce0c2c23a617d175cf5fd2bacca3b5908
                                          • Instruction Fuzzy Hash: F8516B30A106008FDB14EF69C898B99B7E2FF89314F5485BDD5469B3A1DB75A809CB60
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fa08ee678e401eab5e5a032ec3921f6450cd52e85aadcea48b06ad7c1731c4a2
                                          • Instruction ID: 9189f46fae9e82621f1d778205e4486eb7c499d1295263a78c538f6aa133cf33
                                          • Opcode Fuzzy Hash: fa08ee678e401eab5e5a032ec3921f6450cd52e85aadcea48b06ad7c1731c4a2
                                          • Instruction Fuzzy Hash: F26170B0A10215CFC71ACF59DA84AEABBB1FB44301F16CA97D4554B296C730EC45CBA1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 27f095b53bd66fa4a5ac4bc165afafbaf3b61eceb638c149cf72d643b096ce22
                                          • Instruction ID: 424af9c36c40afff69d9895db2b400ba0489554df7b99b4074bfea58ea2916ba
                                          • Opcode Fuzzy Hash: 27f095b53bd66fa4a5ac4bc165afafbaf3b61eceb638c149cf72d643b096ce22
                                          • Instruction Fuzzy Hash: C6514F71E002559FDF18DFAAC945AEFBBF9EF88310F10891AE415E7350DB7499058BA0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c2736d514e4086a82d586311be7e5c22764d75ed3fb93a562b2a0adefbd06cc9
                                          • Instruction ID: 44f0ddb1c5325b49c51801368f81e16647840be1698b6b6ee52ff3f2a042fec8
                                          • Opcode Fuzzy Hash: c2736d514e4086a82d586311be7e5c22764d75ed3fb93a562b2a0adefbd06cc9
                                          • Instruction Fuzzy Hash: E241A8B1B002168FCB68DF7DCC941EE7BB2AF89254B14946BD44DDB390EB358C468B61
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 994248ee415a42f1502491fc8111c393f64962cd2dcd4c35221306c31c7e35ec
                                          • Instruction ID: 788ae2b8e93bca36e9c7607d13ed6271e1b92341007e929528d515d7909e0fed
                                          • Opcode Fuzzy Hash: 994248ee415a42f1502491fc8111c393f64962cd2dcd4c35221306c31c7e35ec
                                          • Instruction Fuzzy Hash: E561F77591070ACFCB41EF68C8809D9FBB1FF49310B14879AE859EB255EB70E985CB90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: eca801321044ec54b107ebfc710be4e64e5ccd637b07c7392b11f365f3086829
                                          • Instruction ID: 758a9508fd9e0978c342abab9678c986c1f986cdd265b96544a7e0d18ee322df
                                          • Opcode Fuzzy Hash: eca801321044ec54b107ebfc710be4e64e5ccd637b07c7392b11f365f3086829
                                          • Instruction Fuzzy Hash: 0151B2F4914259CFDB64CFA8C984AEDBBB5FB4A301F509596E80AA7351DB309D81CF20
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ba7bc72f4f784d2a876114c6064e84c174eaf7d0ea200f0328e985c6fad5afa1
                                          • Instruction ID: ac8ea7ea553cce4bedb3b4a4d6d892bc6c28869d7a46f59a62d752f4741dd50c
                                          • Opcode Fuzzy Hash: ba7bc72f4f784d2a876114c6064e84c174eaf7d0ea200f0328e985c6fad5afa1
                                          • Instruction Fuzzy Hash: C45138F0919209CBCB14CF99D5859FEBBBAFF49301F10951AE506A7215CB34AC82CBA4
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ffb6d88bedef3d331b5f96804b4f6bab953cbbc5c4e33af196b684a1fa7b72cb
                                          • Instruction ID: 7925c8834bcd1bde8a9794943b9ca0e09560ccea7959e636715d632c5cc4e5b0
                                          • Opcode Fuzzy Hash: ffb6d88bedef3d331b5f96804b4f6bab953cbbc5c4e33af196b684a1fa7b72cb
                                          • Instruction Fuzzy Hash: C9418F30B042158FDB14EF68C594BEABBB6BF89300F1444AED40A9B765CBB5EC05CB60
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 96aecd3c9e623b1f9306d22b60a4c121156ca4bfaa0977190233ccac686d8a51
                                          • Instruction ID: 3ed91cb788ff37d47b064102c230cbdba443d46b2815a4f9fe793ea63a6f35df
                                          • Opcode Fuzzy Hash: 96aecd3c9e623b1f9306d22b60a4c121156ca4bfaa0977190233ccac686d8a51
                                          • Instruction Fuzzy Hash: F0415DB0E182098BDB18CF9AD5446FEFBF6AF8D301F04D02AE519A3251DB344D42CBA0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7c7db19d9bd26028913ad537ed33c09151475533b4a2cd6c7b1958d8e6740302
                                          • Instruction ID: 9c13a20f020d335b1e31f472db2206700423d9b0605bd97388adb1c96ea294f5
                                          • Opcode Fuzzy Hash: 7c7db19d9bd26028913ad537ed33c09151475533b4a2cd6c7b1958d8e6740302
                                          • Instruction Fuzzy Hash: 39417435E00259CFEF14EB75D0547EEBAB2EB88314F14447AD506A7344CBB58982CBB5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c0557566219dcbb36881ba5cb1e7a75a69d0113218f24f88427ca32a2484d93a
                                          • Instruction ID: 1aa6b19f4ef4d43b9a10c1c9e325fb57d2a422f48a7d1ee73d67f08724e02b70
                                          • Opcode Fuzzy Hash: c0557566219dcbb36881ba5cb1e7a75a69d0113218f24f88427ca32a2484d93a
                                          • Instruction Fuzzy Hash: 64414DB4E192088FDB14CF9AD5442EEBBF6AF8D301F04D02BE419A3251DB344D46CB60
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b6841eac317bdbfcaa5aaddccad69e053325fd3fb7d2370d1e23a917c45e7276
                                          • Instruction ID: 78aede03a35705f0ace57b00a76ef8c51372eea7cd1c7f06040305245fe56fb4
                                          • Opcode Fuzzy Hash: b6841eac317bdbfcaa5aaddccad69e053325fd3fb7d2370d1e23a917c45e7276
                                          • Instruction Fuzzy Hash: A531E3740097C58FC317DB79A810551BF71BF86201B1A8ADAC5C5CBAA3CB39A81AC363
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0a5ce3e4caf79a4d5ac4b7ac1f340b9cbc8f4f4d20b49d89aeae40dbf5b63b56
                                          • Instruction ID: 9d2ab24c26edb39c3bc7f4edc2bb150d7e7121f598b9db20a86fba340e6ec40c
                                          • Opcode Fuzzy Hash: 0a5ce3e4caf79a4d5ac4b7ac1f340b9cbc8f4f4d20b49d89aeae40dbf5b63b56
                                          • Instruction Fuzzy Hash: 324156B0D1021EDFCB44CFAAD5446EEFBF6FB89200F10992AD424A7254D7346A41CF60
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5f58e32b29c49d896b6c885bbf83378832706b4517de5467d67756b0b9c7f344
                                          • Instruction ID: 9d96285a5b7b1e628eb1495584c6265252b00c60e8736b70eb4d2a496ac150c3
                                          • Opcode Fuzzy Hash: 5f58e32b29c49d896b6c885bbf83378832706b4517de5467d67756b0b9c7f344
                                          • Instruction Fuzzy Hash: 3041ABB2900249EFCF24DFA9D881ADFBFF4EB49314F14806AE405AB211D371A945CFA5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0cdf7b7ffe01d37c9e05a6967aa7268a908ebc5558aeeb5b06a370fc5f8437ca
                                          • Instruction ID: 58433164637679fbc35478e7a0dcc374a15166fc68f5a067392e2ab27663cc51
                                          • Opcode Fuzzy Hash: 0cdf7b7ffe01d37c9e05a6967aa7268a908ebc5558aeeb5b06a370fc5f8437ca
                                          • Instruction Fuzzy Hash: 68411D34A10709CFCB04EF68C5849DDBBB6FF89304F018569E519AB365EB71A946CB81
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7ae0e99e917783de4495ef61f953b3b4c5d330326e3219694cf8b17769b13a27
                                          • Instruction ID: 6277759960194cbd77d52a7eaed496e0eedca7c43b5778f1a2374461f11b3e14
                                          • Opcode Fuzzy Hash: 7ae0e99e917783de4495ef61f953b3b4c5d330326e3219694cf8b17769b13a27
                                          • Instruction Fuzzy Hash: 09411D30A10709CFCB04EF68C4849DDFBB6FF89304F018569E519AB365EB71A946CB81
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d701e75f45897b62acca4230f59451b844ec0b483fda5f78c3fd7308e832aed1
                                          • Instruction ID: 6e1cc39594c29cd812b9cf9ed24fcb236e0b1fe7822e96b84e16d94053019976
                                          • Opcode Fuzzy Hash: d701e75f45897b62acca4230f59451b844ec0b483fda5f78c3fd7308e832aed1
                                          • Instruction Fuzzy Hash: C9413AB4A05206CFD715CF28C580AE9FBF5FF49300B1986AAE44ADB352D770E845CB50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f1cc108c14d8fa7b4f0e53d129646bd0e9be016241fe35fb6ad6f92d73571647
                                          • Instruction ID: 3a9ac722c02de05d29aac057eca84dc14b83f3e0be3d8d0e5518adca94b1e47d
                                          • Opcode Fuzzy Hash: f1cc108c14d8fa7b4f0e53d129646bd0e9be016241fe35fb6ad6f92d73571647
                                          • Instruction Fuzzy Hash: DC3148B2A00209EFCF14DFA9D885ADEBFF5EB48310F10846AE409E7310D735A944CBA5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2f148fefc83802278b2535031af0a3aa2e28c3a7c965688c69487a339c3fd4a0
                                          • Instruction ID: 68a00ef2766a16f9c72806f1bd8213370396da1de296b4dc76bddbfc30d69838
                                          • Opcode Fuzzy Hash: 2f148fefc83802278b2535031af0a3aa2e28c3a7c965688c69487a339c3fd4a0
                                          • Instruction Fuzzy Hash: 0B41F775A0020ADFDB40DF68D9849DEFBB5FF49310B14C699E918AB311E730A985CF90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8b0595e27458e03f021303b0d8443d9d0cfd92ccf75142d2214f42301cb7890a
                                          • Instruction ID: b09c1d1950592b86b4f5857f20fb8ea78064048f5697b76baf9a90e2a2d0497f
                                          • Opcode Fuzzy Hash: 8b0595e27458e03f021303b0d8443d9d0cfd92ccf75142d2214f42301cb7890a
                                          • Instruction Fuzzy Hash: FA41B1B0D10358DBDB14CF9AC884ADEFBB1BF48710F60862AE419BB254DBB46845CF91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: baf2cd5d67c8baabc113e8c2ab1c525c99567fd2bbfe1b562ed5ea1edb857b42
                                          • Instruction ID: 0c45d30e66509e6e3ded927f0f86d4950be2e8a9802bc72d93ffb8dd2ff4e938
                                          • Opcode Fuzzy Hash: baf2cd5d67c8baabc113e8c2ab1c525c99567fd2bbfe1b562ed5ea1edb857b42
                                          • Instruction Fuzzy Hash: F4314B35B002199FCF04EBA4D8548DDFBB6FF88214B05866DE506AB350EB71AD46CB90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: eb0dd4f0db6afbca4338a60b96f422dbf3675b056fc2cbf7d24c3c898e1c4cf3
                                          • Instruction ID: 239914fbeda5c83dcecce173acca6c6d2ae71302b772d34ced33665172ca027e
                                          • Opcode Fuzzy Hash: eb0dd4f0db6afbca4338a60b96f422dbf3675b056fc2cbf7d24c3c898e1c4cf3
                                          • Instruction Fuzzy Hash: C341D575A0020ADFCB44DFA9D88499EFBB5FF49310B14C699E918AB311E730A985CF90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a3268cbd8765cb5438e5aae0560aef74cce999bb67cddff603401990aeba7308
                                          • Instruction ID: dcf0251a93548d78348256193aa5619c35b0e391eac6cde935dae4aac504794e
                                          • Opcode Fuzzy Hash: a3268cbd8765cb5438e5aae0560aef74cce999bb67cddff603401990aeba7308
                                          • Instruction Fuzzy Hash: 274158B0460B5DDBD702EF10F44A2A8BFB4FB49341F415992E0D082288CFBA0EB4DB59
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d2271b5ea283f03f02538dbb37b10623c91d4cad642bcef392731caa9f92b0ee
                                          • Instruction ID: 6e00d122a42f0e9b5963dfe83c5c753f2419e80bc107beffe6f3090cad91f8b0
                                          • Opcode Fuzzy Hash: d2271b5ea283f03f02538dbb37b10623c91d4cad642bcef392731caa9f92b0ee
                                          • Instruction Fuzzy Hash: 4321A4B4E18209DFCB54CFA9C1819EEBBF5AF49300F6095A6D909A7711D7309E41CB61
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4739043314e880b4956d6a9ec5bc90d0da96f4b7d46a5277f5598dba23017a5d
                                          • Instruction ID: c098311eac37632c3a8c88a0b09b6632955a9dc2ae878fb5239f7ac1dfc15d55
                                          • Opcode Fuzzy Hash: 4739043314e880b4956d6a9ec5bc90d0da96f4b7d46a5277f5598dba23017a5d
                                          • Instruction Fuzzy Hash: C22106B0E1020ADFCB54DFA9C4456EEBBF1BB88300F14946AD415AB350EB305E80CFA1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 91ac447e2d4a390380d6d516e0118467b524a07b44dd660112a5aa1088d8250e
                                          • Instruction ID: 2c3ca0e9f7a304b1a67712afa8629d8effe6322a6f9113c4cd5fb40861aac564
                                          • Opcode Fuzzy Hash: 91ac447e2d4a390380d6d516e0118467b524a07b44dd660112a5aa1088d8250e
                                          • Instruction Fuzzy Hash: 861182363482104FE7148A2CC8986E57BB6EF85310B1A84B6E04ACF3A7DA65DC058760
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a6d7a9317f72a44814d2fd33e9feb3275c078c1e202201058d265b7a9202c946
                                          • Instruction ID: a322d70819deeb2e753fc0608083462d852f46f8d452dfc8b6eb61a9abcedcdd
                                          • Opcode Fuzzy Hash: a6d7a9317f72a44814d2fd33e9feb3275c078c1e202201058d265b7a9202c946
                                          • Instruction Fuzzy Hash: A821F2B5900259DFCB20CF9AD884ADEBFF4EB49320F10842AE919A7210C375A944CFA5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a2d1151b145f30c98c5c4cf5e508c6938bb19bb1100dfca26fe73e11f1e0dd22
                                          • Instruction ID: 2bda631cfe3d7b945b47e2b8cdf2a5ccc53ba8256ce34b855e129517a382e992
                                          • Opcode Fuzzy Hash: a2d1151b145f30c98c5c4cf5e508c6938bb19bb1100dfca26fe73e11f1e0dd22
                                          • Instruction Fuzzy Hash: 9921D0B5900248DFDB10DF9AC584ADEFBF8FB48320F10842AE959A7210D7B4A944CFA5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 32af56ae206ee376b11894d65887f1955de5a8fbf03edbc2af84313a6e49f2a0
                                          • Instruction ID: 566e2e7fc19378b28b0ad744ab264f31d09c7c318e15a952342311c1e018d0c5
                                          • Opcode Fuzzy Hash: 32af56ae206ee376b11894d65887f1955de5a8fbf03edbc2af84313a6e49f2a0
                                          • Instruction Fuzzy Hash: 822139B0E04258CFCB10DFA4E945BACBBB6FB4D251F1085A9E449AB715DB304D96CF10
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 49be2b60daba4c7d4dfa89acbc124747b813ac325a32e4cffe715acf9d8c9521
                                          • Instruction ID: 9a7e1c85578c6e90baa77eb99bd374b95b1caf1d82fef72b39eb448ee2b3e584
                                          • Opcode Fuzzy Hash: 49be2b60daba4c7d4dfa89acbc124747b813ac325a32e4cffe715acf9d8c9521
                                          • Instruction Fuzzy Hash: 070161765042455FDB119A65D8017E67FA7EF85315F0880EBF5448B252C6BAC403C7A0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1652526526.000000000133D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0133D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_133d000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                          • Instruction ID: 759507945bc8f8997bd666a632b1bf77b5d2ad21792a0372d736e69618f1b5af
                                          • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                          • Instruction Fuzzy Hash: A311BB75504280DFDB02CF54C5C4B15BFB1FB84228F24C6AAD8498B296C33AD40ACB61
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fb891a3e81860961577c958b8e4c5d9c5ee39ac8ef18920485741cd4d42267f0
                                          • Instruction ID: 50f62705d22f54cb5535bcda84ef3468605813bdc86e6e23906a833c26008768
                                          • Opcode Fuzzy Hash: fb891a3e81860961577c958b8e4c5d9c5ee39ac8ef18920485741cd4d42267f0
                                          • Instruction Fuzzy Hash: 4B117975560F04CBC314EF29E685556FBF2FF88310B41AA69D08683A68DF74F829CB80
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 01c71e7d38dc1c0ffd5c5ebc6025ec290fef8d11f61fb5c99937cc8ecf864e3e
                                          • Instruction ID: fe77c50a577e42dfdc8f105c5c83b370c3744791a6297eaf662836e423527165
                                          • Opcode Fuzzy Hash: 01c71e7d38dc1c0ffd5c5ebc6025ec290fef8d11f61fb5c99937cc8ecf864e3e
                                          • Instruction Fuzzy Hash: BE012D36B042155BDF155E6998157FA3F96AB84305F04C0ABF01A8B392CAB9C88297B0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 93f0aa7863a776beab36c4e2a066a0be48da385e491e005bf5956f406e060fe6
                                          • Instruction ID: bfa6125e44e5c7516e4d4e1144471a016ddb9de307f534496905a5cd260c9b6d
                                          • Opcode Fuzzy Hash: 93f0aa7863a776beab36c4e2a066a0be48da385e491e005bf5956f406e060fe6
                                          • Instruction Fuzzy Hash: 04115BB0E1520ADBCB58CFA8D5811DDFBF1FB95310F2495AAD805A7354E7719A41CB10
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7696425ceb380d0b7bb88c0ff635c386b4033a0debc78a89fb62b4ab17198ef3
                                          • Instruction ID: 84848a25c9feb719c7167fa3d5cfd9f9a58a85dc2903b6918c470e30f85a3cf6
                                          • Opcode Fuzzy Hash: 7696425ceb380d0b7bb88c0ff635c386b4033a0debc78a89fb62b4ab17198ef3
                                          • Instruction Fuzzy Hash: BF11F6B1D046598BEB18CFAAC8553DEFFF2AF89300F08C16AD408B6254DB740946CF60
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4abe40feae8aaa332e582b52dfe5d94147b7fb62a66701cd2513120a231b4d87
                                          • Instruction ID: 8390f274fda3095f4beebe4caed861c1df6f14f17c7fa684a93206413a39be91
                                          • Opcode Fuzzy Hash: 4abe40feae8aaa332e582b52dfe5d94147b7fb62a66701cd2513120a231b4d87
                                          • Instruction Fuzzy Hash: EB1104B1D046489FDB20DF9AC444ADEFBF4EB48324F10851AE859A7310D7B4A945CFA5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9d55a79200d4862f6ad22e818cb615ed6a98af3ccec7a89c7394d21d503cf8f5
                                          • Instruction ID: 87897b6c61b1349d816dcfbea6e2e640ea16a660ed7b3b8ea4b5c74e038f0ad3
                                          • Opcode Fuzzy Hash: 9d55a79200d4862f6ad22e818cb615ed6a98af3ccec7a89c7394d21d503cf8f5
                                          • Instruction Fuzzy Hash: 2F1104B1D046489FDB20DF9AC444ADEFBF4EB48324F10851AE859A7310D7B4A945CFA5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 821d2a9e10278e9e40e6ea68eb6f7dba1864d182e91ede85da48b16010ef96a9
                                          • Instruction ID: f61bb93fe581d60e2f8eab259c4cbecea546d1b457f182f5c901a9ec07628cd4
                                          • Opcode Fuzzy Hash: 821d2a9e10278e9e40e6ea68eb6f7dba1864d182e91ede85da48b16010ef96a9
                                          • Instruction Fuzzy Hash: AD11F570D0021ACFCB54DFB8C8455EEBBB1BF48314F10856AD419A7350EB355952CF95
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 848101b00e63046694381c6185e5c34951a9e47a325978a51281f5d7cdb35103
                                          • Instruction ID: 12e933f1b054df5087d4444dd42766fa180269106350b8c7e5d14e3746d2577e
                                          • Opcode Fuzzy Hash: 848101b00e63046694381c6185e5c34951a9e47a325978a51281f5d7cdb35103
                                          • Instruction Fuzzy Hash: 5701C4B6A003059FD715EF69C4406EEB7F6EF84244B01C96EC059DB650EB74AA068BA0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 690ddf342e3ab79931d506678411f6704691ea41b99b820cc2a636b96ddec1a5
                                          • Instruction ID: 6941bd841110ac0e938174678a10b5dc82c1e419d19109749ae539075c63b343
                                          • Opcode Fuzzy Hash: 690ddf342e3ab79931d506678411f6704691ea41b99b820cc2a636b96ddec1a5
                                          • Instruction Fuzzy Hash: B51102B5C002489FDB20DF9AD444ACEFBF4EB48324F14841AE859A7310D7B4A945CFA5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8f30ce374fc8e63cef984153c44b8418c7219985d61fd30273e71831f56dc127
                                          • Instruction ID: cbe64bd442649c4802b5553117dc961da6a3515e1d6804ce24dec9252ebb2654
                                          • Opcode Fuzzy Hash: 8f30ce374fc8e63cef984153c44b8418c7219985d61fd30273e71831f56dc127
                                          • Instruction Fuzzy Hash: B4116AB0E1520ADBCB48CFA9C6411DEFBF2BB99310F24C5AAD405EB254E7749B02CB10
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 002ec5afed82682ed9a206428447ff3cef8eb755130e096019df9c9bc14c35f6
                                          • Instruction ID: 6072f24a8354ff6ac1bd815dba2d26c4f33219b54f56a3bf901cb8bc37ba7f13
                                          • Opcode Fuzzy Hash: 002ec5afed82682ed9a206428447ff3cef8eb755130e096019df9c9bc14c35f6
                                          • Instruction Fuzzy Hash: A8111CB0E1520ADFDB48CFA9D5416EEFBF2BB89300F20D86A9405E7214E7709A01CB51
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 41bd48bdebd2a18071bc86389557d955ae192eb4d58314ee718381164b9eaff6
                                          • Instruction ID: 0676475a1ac8a600f2a59a002d624190e1dd9f8f59b75ced9f1b479e2cce2fe0
                                          • Opcode Fuzzy Hash: 41bd48bdebd2a18071bc86389557d955ae192eb4d58314ee718381164b9eaff6
                                          • Instruction Fuzzy Hash: F3111930160B08CBC314DF2AE684416FBF6FFC8310B81AA68E08647A54CF75F868CB80
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c0b4c6ca999899a9ac06820dfa39344fe1e73519b6a7771a5334cd6f3a5bc818
                                          • Instruction ID: 11c30c70f1a88306425e179dc4364912242400c9dc1799e6c1bcdaf1a678388f
                                          • Opcode Fuzzy Hash: c0b4c6ca999899a9ac06820dfa39344fe1e73519b6a7771a5334cd6f3a5bc818
                                          • Instruction Fuzzy Hash: C7018471E001149BEB049B58C949AAB7BF6EB88214F154465E106AB358DE759C05CBA1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6769c29b37eab353be93a52b790179e60071636df0b5a99f5fe88520b4bd0b2f
                                          • Instruction ID: b20346660900d8b793cc3cedaa05f2c631fc83d8070ac0b4997d20005264b741
                                          • Opcode Fuzzy Hash: 6769c29b37eab353be93a52b790179e60071636df0b5a99f5fe88520b4bd0b2f
                                          • Instruction Fuzzy Hash: 4211A2B1D006188BEB18CF9BC8457DEFAF6AFC9304F14C16AD40966254DB750946CFA0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e964a4036fe87641c99d3811be213924d72d5e1442e6e9c5746f6d3511213e42
                                          • Instruction ID: c943742e0e8bc3cc6cb552b9d47db4d3048b808621f852952b42c6f916d7f212
                                          • Opcode Fuzzy Hash: e964a4036fe87641c99d3811be213924d72d5e1442e6e9c5746f6d3511213e42
                                          • Instruction Fuzzy Hash: D80140B4A18209DFCB14DFA8C141AECBBB5FB5A301F10D1AAE81A97701DB75AD42CF40
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 93d9b1e0bdb44bf518aec4aace95bf666f34673b16b3bbb9d03c9dd950639a79
                                          • Instruction ID: 55f91e8f263055e5857066f77dddd166dcfea6c417240ccf3120805ceda93510
                                          • Opcode Fuzzy Hash: 93d9b1e0bdb44bf518aec4aace95bf666f34673b16b3bbb9d03c9dd950639a79
                                          • Instruction Fuzzy Hash: 23018072B002059FD714DF6EC4409EEB7F6EFC4250700C96ED02997350EB70AA058BA0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cbb8053f85fef558acea04a7cfb48e04db84be796b3b8e4db07d7cbad03f3ea6
                                          • Instruction ID: fab73cec16a8dfdd6b826353db71985ff3e86c0efddb198435bbfc89f26d677b
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3465d2893baaa2cc336880de0102f20a6da469d943b74bea8ac2909932543937
                                          • Instruction ID: cd7af581c77d5fb821fd87d77dcbcaf83ba13c36ed53f56fae82088f1d0fb82d
                                          • Opcode Fuzzy Hash: 3465d2893baaa2cc336880de0102f20a6da469d943b74bea8ac2909932543937
                                          • Instruction Fuzzy Hash: 991180B8915258CFCB15CFA9C995ADCBBB5FF1A301F009496E849A7311DB309981CF10
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fa4763739c0cc66b4492c2f7c7f49152b91c30409c38405adf6a016bc8d9628e
                                          • Instruction ID: accf8e1b32f7af1b59c1bfdae8c87762795d62f10bf35266672536eb3e3b6a17
                                          • Opcode Fuzzy Hash: fa4763739c0cc66b4492c2f7c7f49152b91c30409c38405adf6a016bc8d9628e
                                          • Instruction Fuzzy Hash: 8D018BB1560A08CFC755CF55FA45261BFA0FB49346F6069DAF0888A242CB32CC67CB55
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9cc0567efad2a1f4c4f4d1c3cedbb11eac50e35402a9045ce547bdfc9a264de0
                                          • Instruction ID: d8a48e23b99bdfa61aa28e6a8cc88e131f75d3fb9f8e5e58b32037cb0563d70a
                                          • Opcode Fuzzy Hash: 9cc0567efad2a1f4c4f4d1c3cedbb11eac50e35402a9045ce547bdfc9a264de0
                                          • Instruction Fuzzy Hash: 5EF0ECBAB002201FD304EA6DD8C4AABBBEAFB9D225B118076E548C7310D9308C0483A0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dff21b62ea3c98ac916e54dd71a582e1e497e56cc1afde9f0a3cda41d9f39aa7
                                          • Instruction ID: 7c491e18fbd62be1c21d11a3891885f204ea985f41139046a63890d6027eb15e
                                          • Opcode Fuzzy Hash: dff21b62ea3c98ac916e54dd71a582e1e497e56cc1afde9f0a3cda41d9f39aa7
                                          • Instruction Fuzzy Hash: A6F09E7A3003114FC710AB78E4985897B95EF84220B000576E006C7322DE20DC058350
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bde27338b7a6ac03a052c076b20e05c95eb3793684812b232de7bdc195777f0c
                                          • Instruction ID: 8b1574fc24fbf7dfa22a47f63257284ec8a7e37674a66d5e0cf7c0b5c5a04260
                                          • Opcode Fuzzy Hash: bde27338b7a6ac03a052c076b20e05c95eb3793684812b232de7bdc195777f0c
                                          • Instruction Fuzzy Hash: 95F054353006118FC7249B1AE44499BF7ABFFC9721B14055EE50687765DF71EC42CB94
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5e2bc4784de8a1a5e713ebf8cf9ff195ef18ef89e4e32958b135b54392065bbd
                                          • Instruction ID: 37c758d884471ae90553ee0c673318c09b9402b92cefd95c2138125bd2f48986
                                          • Opcode Fuzzy Hash: 5e2bc4784de8a1a5e713ebf8cf9ff195ef18ef89e4e32958b135b54392065bbd
                                          • Instruction Fuzzy Hash: 690119302486908FC716CB38D558D99BBF5EF4A60430688E9F58ACB772CBA1EC44CB40
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1ffcedca932496089e8c4261e3b744788ea64591f2554158016bc8595a0e9043
                                          • Instruction ID: 8676fbdeacdd45229034aa9997fdcb0d9753441e7e3188ac36d471b89d050cc8
                                          • Opcode Fuzzy Hash: 1ffcedca932496089e8c4261e3b744788ea64591f2554158016bc8595a0e9043
                                          • Instruction Fuzzy Hash: ED01ECB0840219DFDB24DF6AC4047EEFAF1AF44355F248526E414AA290D7744A55CFA1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4c46d6fedde1abc56ed0a0b07f94eb73d47c7779d081c49e3b937b1532c390b4
                                          • Instruction ID: 57613d333e7264638457546844f1e0cbb005219debc28aa58ab5406edf358b1a
                                          • Opcode Fuzzy Hash: 4c46d6fedde1abc56ed0a0b07f94eb73d47c7779d081c49e3b937b1532c390b4
                                          • Instruction Fuzzy Hash: D4F05431B003149FCB18AB75E45856EB7ABEBC4315F40886ED40787350CE749801CB94
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e26b3b693c3fa3a092213b46d9974f97095fdf38ae2968b16eb170a88f8efb51
                                          • Instruction ID: 4243ceffdd30f352615e2fe6667d750750fc4abca0ae9b7f9b7c733986b7bd1f
                                          • Opcode Fuzzy Hash: e26b3b693c3fa3a092213b46d9974f97095fdf38ae2968b16eb170a88f8efb51
                                          • Instruction Fuzzy Hash: 0601B675D00609DFCB40EFACC54589DBBF4FF49210B1185AAE859EB321E770AA44CF91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e366d88b2cabe4ec8c06d647765503072971a602654ae235aa19ab68fa4709a6
                                          • Instruction ID: c59397875c64b3614b494aaf4d12c51b25ef5fda9f57e3c73d648d30b15cba5f
                                          • Opcode Fuzzy Hash: e366d88b2cabe4ec8c06d647765503072971a602654ae235aa19ab68fa4709a6
                                          • Instruction Fuzzy Hash: 43E0C9767042286F93149A6ED884D6BBBEEFBDD664355817AE508C7310DA319C0186A0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f429b37750d0175b094533f95a84f1fc4fb45af211be2d202e98dd2b8330c872
                                          • Instruction ID: 7f907dc1157aead1117a688f1b575c0f1260d0076c11136bf24c4e5caed1dd0f
                                          • Opcode Fuzzy Hash: f429b37750d0175b094533f95a84f1fc4fb45af211be2d202e98dd2b8330c872
                                          • Instruction Fuzzy Hash: 90F0E27A7002179FDB16EF78D5409E93BAAEF853153144866F604CB339DA74AC02CB90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6f1c597e65f2b5a78a58fac8adf12373ed1728ad4af1e4ad2af154d8898fcdf6
                                          • Instruction ID: ea98e04fa127312bbbb051184113eeef7b92bfcc43851380c98002d76bf10a57
                                          • Opcode Fuzzy Hash: 6f1c597e65f2b5a78a58fac8adf12373ed1728ad4af1e4ad2af154d8898fcdf6
                                          • Instruction Fuzzy Hash: 49F0A7326045596FC702EA59D800BDA7FEADF89315F08449AF548C7252CA799812D760
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e27d7dd361271e13f0363e0ab44b3c0f618609d05578b3e100231abe3bd32ebe
                                          • Instruction ID: 76985973e8d6cbb5f2feeab9ec3e47f6804908f162fa367d90a23dc08af2073e
                                          • Opcode Fuzzy Hash: e27d7dd361271e13f0363e0ab44b3c0f618609d05578b3e100231abe3bd32ebe
                                          • Instruction Fuzzy Hash: 44F06D31614106DFEF00DE68D80A7F833B4FB4035AF4014A7D00A9B2A1CBB4849ACB30
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c7018969880f63fbe6edbaaaf6467a1474e00daf2eab122f4eb4065ca9e78771
                                          • Instruction ID: c501ecf3a01e688c0e881f49837f55f2bf4ebbccf119008cbe5c4f63f454a246
                                          • Opcode Fuzzy Hash: c7018969880f63fbe6edbaaaf6467a1474e00daf2eab122f4eb4065ca9e78771
                                          • Instruction Fuzzy Hash: 2BF0B435948248AFCF11DFE8D4005DDBFB1AB46361F108296E8644A3A1C6340B41DB91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c9817b9242a0a0ddce44bafd29424a3f71670a15045553b96c962013978e08d6
                                          • Instruction ID: 90e712b0e86ee7191f489eb03ee59c45302aa5fadd707dcddeb397254bbe3d9e
                                          • Opcode Fuzzy Hash: c9817b9242a0a0ddce44bafd29424a3f71670a15045553b96c962013978e08d6
                                          • Instruction Fuzzy Hash: 30F04FB0E11248CFCB10DFA9E5455EDBBBAFB4D345B10A66AE8059B716DB305C01CF40
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3ea6731dba3a410471edbb2c8a6e2cbbf9247e974fa196ed810df5432677d7f7
                                          • Instruction ID: a818b48ed83f13b32aff0155370155a05cbe3f46bad96f7f94c008745d208d82
                                          • Opcode Fuzzy Hash: 3ea6731dba3a410471edbb2c8a6e2cbbf9247e974fa196ed810df5432677d7f7
                                          • Instruction Fuzzy Hash: 23F0A03530021AABCB15EF79D440CAA3BAEEF853553104529FA048B338DB71AC01CB90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 35ce5e2ebe38da279c75cb2fae4a5c194d50f753a4fb4849cbfac7bf3b0eb5a6
                                          • Instruction ID: 3dbed2b6a755749afd2017469d2bde88b4fcc76a009e8045b39ea14804048657
                                          • Opcode Fuzzy Hash: 35ce5e2ebe38da279c75cb2fae4a5c194d50f753a4fb4849cbfac7bf3b0eb5a6
                                          • Instruction Fuzzy Hash: 1CE092354085920FEB02F729D8AB7E17F60EF62305F1841E280C18A2ABD5184046C791
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f3d6cf2f8dd70e6e9f5bdb8fc7ecbc25ce76e1b1a21e3821b87a5ce8ae074ab7
                                          • Instruction ID: 5537552dce9fba3580502a3aaf0d46ca5c93175e68f3dac799b05301b3f0865a
                                          • Opcode Fuzzy Hash: f3d6cf2f8dd70e6e9f5bdb8fc7ecbc25ce76e1b1a21e3821b87a5ce8ae074ab7
                                          • Instruction Fuzzy Hash: 4FF0B2342406108FC718DB2CD598C59BBE5EF4971571145A9E10ACB332CBB2EC40CB80
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6470ae49ff9ca084f96fd09b9820d2f4ea33fe9a2bdea3a601b976d473a804b3
                                          • Instruction ID: 8fe12bac85f5c02ecb0c84d0b6c842285f4cb5b6f071b9171164860d9bf77deb
                                          • Opcode Fuzzy Hash: 6470ae49ff9ca084f96fd09b9820d2f4ea33fe9a2bdea3a601b976d473a804b3
                                          • Instruction Fuzzy Hash: 4BF0177994820CEFCB51EFA8D44569DBBB1AF48311F11C0AAE80497390DA785A54DF52
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 275050cd97ffcae429479e4168fbe6161bfcbb18fe77d95c72274e381bc3e406
                                          • Instruction ID: d0f50c8816c3ebba601941cb8b93007d8c16f5d45488d659970908db8df46e7a
                                          • Opcode Fuzzy Hash: 275050cd97ffcae429479e4168fbe6161bfcbb18fe77d95c72274e381bc3e406
                                          • Instruction Fuzzy Hash: 53E0DF712043146BAA34AA2AD884CE3B7FEFB48220310095FE84EC3B10EA71F805C6B4
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 83278780f77735d17fe8f66a659ed1dab718d60e44f4247b859e242833c3486d
                                          • Instruction ID: c3107bdc15611563e08f302ac21aaa278c64691fbdc2d050f3097054ff0ef16f
                                          • Opcode Fuzzy Hash: 83278780f77735d17fe8f66a659ed1dab718d60e44f4247b859e242833c3486d
                                          • Instruction Fuzzy Hash: A4F01230E4051ACBEB14EFB590157EE7AA6AF84305F14847AD00297281DFB44451CFB5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f2c52a0b1f44bee63152717674e59929fecdba5e29fb3f0f65a4ed099a83e014
                                          • Instruction ID: 7c76ace241eee5527b713b38583dbf6bfc9bb8e820011df21d4973314b348262
                                          • Opcode Fuzzy Hash: f2c52a0b1f44bee63152717674e59929fecdba5e29fb3f0f65a4ed099a83e014
                                          • Instruction Fuzzy Hash: A6F030F4E59249CFCB20DBA9D4005ED7FB9EF4A340B409E6AD0198B72AD6709806CF61
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e899fa2ca68a83cd65a718adde898d033cd3be35673fb56e6745b2958a6aa024
                                          • Instruction ID: b368c3f6635832119fa5539177774867b73969a04cbc0627baa00fd2b23b0da2
                                          • Opcode Fuzzy Hash: e899fa2ca68a83cd65a718adde898d033cd3be35673fb56e6745b2958a6aa024
                                          • Instruction Fuzzy Hash: 10E092322001596FCB019A4AE800EEEBFDEEFC8311B08855AFA49C7251CAB1A81197A0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1656067790.00000000054B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_54b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 84826633f12ef162546f012f8b3c4ad1a8c408babdcb5dea929f7a628125aacc
                                          • Instruction ID: 13c856f7c70f8ac7a0427e0b087a3506379a3ab279000b2cef5718c9aa134cda
                                          • Opcode Fuzzy Hash: 84826633f12ef162546f012f8b3c4ad1a8c408babdcb5dea929f7a628125aacc
                                          • Instruction Fuzzy Hash: B7E0D87BE2091553DB0465A4F9166EC7369EF44313F008437D901B7680DA34041A8741
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 16b09cb7050a2112eefb66d12b54f9c9e8c655575e9a84a4f853db5095842d72
                                          • Instruction ID: ba7a1a4acad9e625c51ed7680a4a42ad7ea9900dfa1b2bafb4ac8a6afa076db5
                                          • Opcode Fuzzy Hash: 16b09cb7050a2112eefb66d12b54f9c9e8c655575e9a84a4f853db5095842d72
                                          • Instruction Fuzzy Hash: B2E1DDB4E002298FCB14DFA9C5809EEFBB2BF89314F24915AD415A735AD731AD41CFA1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4f29de48e5fc0ea559f1255c8ffddf1a2afda3fba1f1aff4b5d9d6feb83725c9
                                          • Instruction ID: 984b45b8e719ae3635d25417d933035a5024b3366a0fd8d44de62dcb398ad669
                                          • Opcode Fuzzy Hash: 4f29de48e5fc0ea559f1255c8ffddf1a2afda3fba1f1aff4b5d9d6feb83725c9
                                          • Instruction Fuzzy Hash: A2E1ECB4E002298FDB14DFA9C5809EEFBB6BF89314F24815AD415A7355D730AD41CF61
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1658700512.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7840000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 76bdde1a718549293ea32b8295b60a63ceba02c7ba13a7d2f5168ae82f4a13da
                                          • Instruction ID: e0441f46ac626c6e3df3b516958d3ec8a0fa665bd3685eb115355f7fa73e09a0
                                          • Opcode Fuzzy Hash: 76bdde1a718549293ea32b8295b60a63ceba02c7ba13a7d2f5168ae82f4a13da
                                          • Instruction Fuzzy Hash: 31E1ECB4E002198FCB14DFA9C5809AEFBB2FF89304F24C259D515AB35AD771A941CFA1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1658700512.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7840000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b55e936fdd6b1a61924fa5e79cc0386a8a73a8a0d64e9534165555e7291bad2a
                                          • Instruction ID: 025dcd8d977026899b9b74e86b064506c147f258000bfc2f2046f503061669d6
                                          • Opcode Fuzzy Hash: b55e936fdd6b1a61924fa5e79cc0386a8a73a8a0d64e9534165555e7291bad2a
                                          • Instruction Fuzzy Hash: D2E10CB4E002198FCB14DFA9C580AAEFBB2FF49314F24C259D515AB35AD770A941CFA1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6bfb66519f9da599c8cd4f1f2b701675513993e24539192192c806ad580a19da
                                          • Instruction ID: 4ce1a042da1e283aaa0dda21dcfa6bb790c98fee530d4a4c0319a4c18f50938d
                                          • Opcode Fuzzy Hash: 6bfb66519f9da599c8cd4f1f2b701675513993e24539192192c806ad580a19da
                                          • Instruction Fuzzy Hash: DCD1F43192075ACECB01EB64D990A9DF771FF95300F20DBAAD00977224EB706AD9CB91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1652738862.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1620000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 593505a27b21f9e7bf45abdaf2579e12cd8ff5e5dccfe580f861873515e3e7f5
                                          • Instruction ID: 6dc72d92ded59ddd3dd20023640208236b34502e5138177d6003b7f1cdf2cabb
                                          • Opcode Fuzzy Hash: 593505a27b21f9e7bf45abdaf2579e12cd8ff5e5dccfe580f861873515e3e7f5
                                          • Instruction Fuzzy Hash: B1A17E32E0061ACFCF05DFB4C8505AEBBB2FF85301B1545AAE905AB265DB71E955CF80
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3a13bc0dd4606c7a0e559c117983a54278cd574ad52c8b0a8906250f83416a0b
                                          • Instruction ID: 5128c5a5b06a31f14ebbbccfe61b189bd4095807c38827a2f7a52bd8bd231831
                                          • Opcode Fuzzy Hash: 3a13bc0dd4606c7a0e559c117983a54278cd574ad52c8b0a8906250f83416a0b
                                          • Instruction Fuzzy Hash: E0D1E43192075A8ECB01EB64D990A9DF771FF95300F20DBAAD40937224EB706AD5CB91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1658700512.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7840000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0422d2d266718cbe4d04414db7c01cf1b34657e57605c89d94ef8d35da7b35eb
                                          • Instruction ID: bb5a3a1840e7cc8dd3878439411c4d4525cab87e59bb9cc74d786bc74637dc61
                                          • Opcode Fuzzy Hash: 0422d2d266718cbe4d04414db7c01cf1b34657e57605c89d94ef8d35da7b35eb
                                          • Instruction Fuzzy Hash: F7511FB4E142198FCB14CFA9C5405AEFBF2BF89304F24C1AAD518A7316D7719941CFA1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1657730429.00000000074B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74b0000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 383a8b1c070e3766c85fa2784d984248384d18adc42c9acb7fdbee22b58d8c5e
                                          • Instruction ID: f8f9e8e123a146e478586261f24a3884a838f6641ecd4a402d27b200638e0a74
                                          • Opcode Fuzzy Hash: 383a8b1c070e3766c85fa2784d984248384d18adc42c9acb7fdbee22b58d8c5e
                                          • Instruction Fuzzy Hash: D751DAB4E002198BDB14DFA9C5805EEFBF6BF89314F24816AD418A7356D7319D41CFA1

                                          Execution Graph

                                          Execution Coverage:9%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:0%
                                          Total number of Nodes:3
                                          Total number of Limit Nodes:0
                                          execution_graph 27707 573e270 27708 573e2be GlobalMemoryStatusEx 27707->27708 27709 573e2ee 27708->27709

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1900 d26ecf-d26f3a call d26c38 1909 d26f56-d26f84 1900->1909 1910 d26f3c-d26f55 call d2675c 1900->1910 1914 d26f86-d26f89 1909->1914 1915 d26f8b-d26f92 1914->1915 1916 d26f9d-d26fa0 1914->1916 1918 d270e3-d270e9 1915->1918 1919 d26f98 1915->1919 1920 d26fa2-d26fd7 1916->1920 1921 d26fdc-d26fdf 1916->1921 1919->1916 1920->1921 1922 d26fe1 call d27900 1921->1922 1923 d26fef-d26ff2 1921->1923 1928 d26fe7-d26fea 1922->1928 1924 d26ff4-d27008 1923->1924 1925 d27025-d27027 1923->1925 1931 d2700a-d2700c 1924->1931 1932 d2700e 1924->1932 1926 d27029 1925->1926 1927 d2702e-d27031 1925->1927 1926->1927 1927->1914 1929 d27037-d27046 1927->1929 1928->1923 1935 d27070-d27086 1929->1935 1936 d27048-d2704b 1929->1936 1933 d27011-d27020 1931->1933 1932->1933 1933->1925 1935->1918 1939 d27053-d2706e 1936->1939 1939->1935 1939->1936
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2870528074.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_d20000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: LR^q$LR^q
                                          • API String ID: 0-4089051495
                                          • Opcode ID: d512bd4860df64c485c61c1131561487eb8650e7d0746083e8f5837167b41c1a
                                          • Instruction ID: 21325c1fdb31465c7b7da672a4b89681ee1a5494d1079454f4776d90f86e594b
                                          • Opcode Fuzzy Hash: d512bd4860df64c485c61c1131561487eb8650e7d0746083e8f5837167b41c1a
                                          • Instruction Fuzzy Hash: E451F230A142299FCB25DF74E4547EEB7B2EF96304F248469E405EB281DB71DC46CB51

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 2362 573d354-573e2b6 2364 573e2be-573e2ec GlobalMemoryStatusEx 2362->2364 2365 573e2f5-573e31d 2364->2365 2366 573e2ee-573e2f4 2364->2366 2366->2365
                                          APIs
                                          • GlobalMemoryStatusEx.KERNELBASE(8B55056D), ref: 0573E2DF
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2876676366.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_5730000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID: GlobalMemoryStatus
                                          • String ID:
                                          • API String ID: 1890195054-0
                                          • Opcode ID: 9783480b6558ebcf48e09b95f8dafb689f405d3e55708dcd1ceb1a183c9e99c1
                                          • Instruction ID: e6ad9fdb189f77719967e51871a14df441ddaa7ac3080f1224055e084f25074f
                                          • Opcode Fuzzy Hash: 9783480b6558ebcf48e09b95f8dafb689f405d3e55708dcd1ceb1a183c9e99c1
                                          • Instruction Fuzzy Hash: CF1103B1C006699BCB10DF9AC445BEEFBF4AB48320F10816AE818B7251D378A940CFA5

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 2369 573e270-573e2ec GlobalMemoryStatusEx 2371 573e2f5-573e31d 2369->2371 2372 573e2ee-573e2f4 2369->2372 2372->2371
                                          APIs
                                          • GlobalMemoryStatusEx.KERNELBASE(8B55056D), ref: 0573E2DF
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2876676366.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_5730000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID: GlobalMemoryStatus
                                          • String ID:
                                          • API String ID: 1890195054-0
                                          • Opcode ID: e8f933df9ff8d73fbbbf42b02cddaec69ed02adbfbe3e577034dd2d4072f763a
                                          • Instruction ID: aa7309c5ba5fd43a9cc03f6d7736f040a8183f2db52da00489c8a5cd55b03704
                                          • Opcode Fuzzy Hash: e8f933df9ff8d73fbbbf42b02cddaec69ed02adbfbe3e577034dd2d4072f763a
                                          • Instruction Fuzzy Hash: 081112B1C006699FCB10CF9AC444BEEFBF5BF48320F14816AE818A7250D778A940CFA5

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 2457 d2f43d-d2f46b 2458 d2f46d-d2f470 2457->2458 2459 d2f472-d2f48e 2458->2459 2460 d2f493-d2f495 2458->2460 2459->2460 2461 d2f497 2460->2461 2462 d2f49c-d2f49f 2460->2462 2461->2462 2462->2458 2463 d2f4a1-d2f4c7 2462->2463 2469 d2f4ce-d2f4fc 2463->2469 2474 d2f573-d2f597 2469->2474 2475 d2f4fe-d2f508 2469->2475 2483 d2f5a1 2474->2483 2484 d2f599 2474->2484 2478 d2f520-d2f571 2475->2478 2479 d2f50a-d2f510 2475->2479 2478->2474 2478->2475 2481 d2f512 2479->2481 2482 d2f514-d2f516 2479->2482 2481->2478 2482->2478 2486 d2f5a2 2483->2486 2484->2483 2486->2486
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2870528074.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_d20000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: PH^q
                                          • API String ID: 0-2549759414
                                          • Opcode ID: abc20bc07fffa02c1962b833a3052e332908f8a1fcf5c578225371788740ab7b
                                          • Instruction ID: e278a96f5ae188be63ade12d00c12efebb3dfbd538b78218bdd701e4ab835e68
                                          • Opcode Fuzzy Hash: abc20bc07fffa02c1962b833a3052e332908f8a1fcf5c578225371788740ab7b
                                          • Instruction Fuzzy Hash: 3031FC30B042118FCB15AB30E55436E7BF2AF8A708F284979D406DB395EE39DC468BA1

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 2492 d2f450-d2f46b 2493 d2f46d-d2f470 2492->2493 2494 d2f472-d2f48e 2493->2494 2495 d2f493-d2f495 2493->2495 2494->2495 2496 d2f497 2495->2496 2497 d2f49c-d2f49f 2495->2497 2496->2497 2497->2493 2498 d2f4a1-d2f4c7 2497->2498 2504 d2f4ce-d2f4fc 2498->2504 2509 d2f573-d2f597 2504->2509 2510 d2f4fe-d2f508 2504->2510 2518 d2f5a1 2509->2518 2519 d2f599 2509->2519 2513 d2f520-d2f571 2510->2513 2514 d2f50a-d2f510 2510->2514 2513->2509 2513->2510 2516 d2f512 2514->2516 2517 d2f514-d2f516 2514->2517 2516->2513 2517->2513 2521 d2f5a2 2518->2521 2519->2518 2521->2521
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2870528074.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_d20000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: PH^q
                                          • API String ID: 0-2549759414
                                          • Opcode ID: 62959a1f5d9c667deec227a81c9319e45e99e1abf4b57e4c21d20e4974e70375
                                          • Instruction ID: 43bd1c184a1f5282bce5d963aea59cc1052ab02e79b3f1f1d0363217a4223675
                                          • Opcode Fuzzy Hash: 62959a1f5d9c667deec227a81c9319e45e99e1abf4b57e4c21d20e4974e70375
                                          • Instruction Fuzzy Hash: 7631C930B002118FCB19AB74E55476F7BF2AF89708F284879D006DB395EE75DC468BA1
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2870528074.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_d20000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: LR^q
                                          • API String ID: 0-2625958711
                                          • Opcode ID: ed313dec319dee8fdf47298f4d9583fc52eb82e64ef4e29b92d58998e7c0f282
                                          • Instruction ID: 5bb53128fbb1dcd84797d28da2653e30e761eb5e5fbc5ba9cae67b24b3575fb1
                                          • Opcode Fuzzy Hash: ed313dec319dee8fdf47298f4d9583fc52eb82e64ef4e29b92d58998e7c0f282
                                          • Instruction Fuzzy Hash: 29318E31E102299BDF24CFA4E5547AEB7B2EFA5304F248525E805EB240EB71ED468B61
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2870528074.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_d20000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: LR^q
                                          • API String ID: 0-2625958711
                                          • Opcode ID: 1ba2f51444c8c10e75ac5aab3d689751cd0c50abbbc163a777c751b240007419
                                          • Instruction ID: f1ce999bd2fcc0e58120005fe8e6079d6a80cc9f38845a87926bdd8ca309854b
                                          • Opcode Fuzzy Hash: 1ba2f51444c8c10e75ac5aab3d689751cd0c50abbbc163a777c751b240007419
                                          • Instruction Fuzzy Hash: C021D7307082946FC716AB38982479E7FF5DF86710B0448AEE485CB396DE319D4A87D2
                                          • Instruction Fuzzy Hash: 49914D34A001148FCB15DF64E5A4AADFBF2EF98315F188569E806D73A5DB31DC42CB60
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2870528074.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_d20000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e005434a1dd98bd42020f7d6c3cbe6613b5b75edbb92789d74917a7eddec9ab1
                                          • Instruction ID: bcc514dd0b68380384869caac1dc6befe767a68731f63ca4528ccc022796781f
                                          • Opcode Fuzzy Hash: e005434a1dd98bd42020f7d6c3cbe6613b5b75edbb92789d74917a7eddec9ab1
                                          • Instruction Fuzzy Hash: 90A17270E00359CFDF10CFA8E9857DDBBF1AF58318F188129E819A7254DB749985CBA1
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2870528074.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_d20000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: eda32e76c739b65f411e5cd6485aa01d443d42cbcb160cc9a7ed76fd0db7a8ca
                                          • Instruction ID: b43546eb9f37a317f3bd596804e62d9da3252212a09b8a077c0a2bea7f788ae4
                                          • Opcode Fuzzy Hash: eda32e76c739b65f411e5cd6485aa01d443d42cbcb160cc9a7ed76fd0db7a8ca
                                          • Instruction Fuzzy Hash: 7C514374E003288FDB14CFA9D885B9DBBF1BF58308F198119E819AB355C774A845CFA5
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2870528074.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_d20000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e83a6db732ae3740d0196f98b5881be504ea1306fdfd52550574c9b8e2e828af
                                          • Instruction ID: 7d1800bff8f1ea84e7c3fc3453db686d20251c7a3bb1d6fe8296968c71a9da48
                                          • Opcode Fuzzy Hash: e83a6db732ae3740d0196f98b5881be504ea1306fdfd52550574c9b8e2e828af
                                          • Instruction Fuzzy Hash: F4513374E003288FCB14CFA9D884BDDBBB1BF58308F188119E819AB255C774A845CFA5
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2870528074.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_d20000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cb3c1902a156136d4d559b75a90f2d086a42893496f584d154f862d0a175749c
                                          • Instruction ID: 7580033a0d8bc652272e1f154ef52ca8ac6cb93b8fc5e67874ad0ebab2d687a6
                                          • Opcode Fuzzy Hash: cb3c1902a156136d4d559b75a90f2d086a42893496f584d154f862d0a175749c
                                          • Instruction Fuzzy Hash: AE513274E003288FDB14CFA9D884B9DBBF1BF58308F198129E819AB350D774A845CFA5
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2870528074.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_d20000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cd4e3558ddfe468ccaf07df2eef8c0039b0fbb646d1f96e55384bf3e5bc97d66
                                          • Instruction ID: 97cf524f593247507c37f1f0dc0d031c0723e613477e26f568e45d91c3a814fa
                                          • Opcode Fuzzy Hash: cd4e3558ddfe468ccaf07df2eef8c0039b0fbb646d1f96e55384bf3e5bc97d66
                                          • Instruction Fuzzy Hash: 5251FC342021899FCB0AEB6CFD94B5A7BB6F75A304345496BD0046B77EDF20694BCB90
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2870528074.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_d20000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bb2b3f4807c424a1eb8e40c809e57b038829ed503328224ac4b98aa83aa89d29
                                          • Instruction ID: fdbfe03714e73090ce41103f1a0a2c8edfa5de1e240496eefb13acb67837ad99
                                          • Opcode Fuzzy Hash: bb2b3f4807c424a1eb8e40c809e57b038829ed503328224ac4b98aa83aa89d29
                                          • Instruction Fuzzy Hash: 4A51EB34202149AFCB0AFB6CF994B5A7BB6F799304345496BD0046B77DDF20694BCB90
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2870528074.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_d20000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 08aff309a72387258b726106ab7d9e85c93498b2a5630649464aaa41ac1b7c48
                                          • Instruction ID: 4cc97ab3c6ef46739833da01ee5eb71683f8efe0e7ec4c7174f2541bfa220419
                                          • Opcode Fuzzy Hash: 08aff309a72387258b726106ab7d9e85c93498b2a5630649464aaa41ac1b7c48
                                          • Instruction Fuzzy Hash: AF318F35E1021A9BCB15DFA4E49469EB7F2FF89304F148929E806E7350DB70AC46CB60
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2870528074.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_d20000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 705fddd6024bf3e8dcf965736b57d17de76aa09875605a98f1b50646777f635f
                                          • Instruction ID: 4d83388eac6e7a13384cd5e83218bb98c22834c5db2ac02648b1f5fd52e35acc
                                          • Opcode Fuzzy Hash: 705fddd6024bf3e8dcf965736b57d17de76aa09875605a98f1b50646777f635f
                                          • Instruction Fuzzy Hash: 9C41F0B4D00359EFDB10CFA9C584ADEBBB5FF48314F14802AE819AB264DB759949CF90
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2870528074.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_d20000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0505c019aa5a2d94a67791dc353981d84dff5d3dee5e489b3fcaa5c5c5821084
                                          • Instruction ID: 3ff4b4439e35ec132c5380905d96dbef74ebeb23878f05e6ba924ef2d973c84a
                                          • Opcode Fuzzy Hash: 0505c019aa5a2d94a67791dc353981d84dff5d3dee5e489b3fcaa5c5c5821084
                                          • Instruction Fuzzy Hash: 33314B35E1061A9BCB19DFA5E85469EB7F2FF89304F148929E806E7350DF70AC46CB60
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2870528074.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_d20000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 55da2a10595b3f0edf0b938aa6bc35d7011558c5528e17e7a1aa8fe2606bab79
                                          • Instruction ID: 536e25dc160f6c29d58faac7fab2611415b66db8a52bf39d521b9eaa170f5bef
                                          • Opcode Fuzzy Hash: 55da2a10595b3f0edf0b938aa6bc35d7011558c5528e17e7a1aa8fe2606bab79
                                          • Instruction Fuzzy Hash: B241FEB0D00249EFDB10CFA9C480ADEBFB5FF48314F248029E809AB254DB74A945CBA0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2870528074.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_d20000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0b7b541e8868f6ee632449fa56649eb545b20f94374692d60108314234af930b
                                          • Instruction ID: 580f6a04e77abc36d30f99f92611183ad767d8657f26c22fcfa37ff9e6f329d5
                                          • Opcode Fuzzy Hash: 0b7b541e8868f6ee632449fa56649eb545b20f94374692d60108314234af930b
                                          • Instruction Fuzzy Hash: EC215539F042609FCB12AB78AC4876E3BE5EBA9314F144922D809D3341EB34CD4287A1
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2870528074.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_d20000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 96c8b2bf6d919c0b07ff4fe2abd59c37943809d3507ed0958bf03eb2c5a96ece
                                          • Instruction ID: 0b838b1aff5b663f5db2c273c4936e04f0af0a03cacce4aed45e0fadeb24a781
                                          • Opcode Fuzzy Hash: 96c8b2bf6d919c0b07ff4fe2abd59c37943809d3507ed0958bf03eb2c5a96ece
                                          • Instruction Fuzzy Hash: E821A334A002358FCF31AFB8A4412ADBBB5EB74319F1844BAE809D7346DB35CD4287A1
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2870528074.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_d20000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fb5fcf138cc3c425f47985ba6ffd1017b0d66ee1c575022e198369faa011fccc
                                          • Instruction ID: 662082b3e846d5930a41ed3504aa5322c585314eebcccd9af38af3afa28dbf88
                                          • Opcode Fuzzy Hash: fb5fcf138cc3c425f47985ba6ffd1017b0d66ee1c575022e198369faa011fccc
                                          • Instruction Fuzzy Hash: 94318431E0025A9BCF05DFA4E8546DEFBB2FF99304F588516E805AB241DB71DC46CBA0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2870528074.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_d20000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5ea607b392e40c98946cf0083fa807bc8804243a4ce40f050af5c4570d82d9bc
                                          • Instruction ID: 3e60a38aeff4da7bffbc9dcd8e23d1e70ee145bbb9dbbb8f8c3179409136990d
                                          • Opcode Fuzzy Hash: 5ea607b392e40c98946cf0083fa807bc8804243a4ce40f050af5c4570d82d9bc
                                          • Instruction Fuzzy Hash: 9121B77C5041118FDF12A728F884B6E3775EB79308F148A66D005DB299DF24DC478BE2
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2870322434.0000000000C9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C9D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_c9d000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8b73a901c5d0cc71ff59a1401b25c89385a56ca7c266e4b02668f1808038a632
                                          • Instruction ID: 3ef893f4780e5001570460891353eff0779d49e1badbe87a1f51b980230354bf
                                          • Opcode Fuzzy Hash: 8b73a901c5d0cc71ff59a1401b25c89385a56ca7c266e4b02668f1808038a632
                                          • Instruction Fuzzy Hash: 6F316B7550D3C49FCB03CF24C994711BF71AB46214F29C5EBD9898F2A3C23A981ACB62
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2870528074.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_d20000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 524bbee508c569aaab652f90633227758918497b406b512d38a896bc36da4fb9
                                          • Instruction ID: 1b23a9c17c2657090cab09b8175f069ab79fa4058334a00c5390ab99a55b3f30
                                          • Opcode Fuzzy Hash: 524bbee508c569aaab652f90633227758918497b406b512d38a896bc36da4fb9
                                          • Instruction Fuzzy Hash: B4218030E0021A9FDF05CFA5E49469EF7B2FF99304F58861AE805AB340DB719C46CBA0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2870528074.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_d20000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2679fd67b6ac44349f66ece7719a4b46ccd84e534ed61c3ae84d5aa608579afe
                                          • Instruction ID: 1b7b2253bdb6fe92997ecb96064d67f66115d8b09f32666b84a0a3c21d473555
                                          • Opcode Fuzzy Hash: 2679fd67b6ac44349f66ece7719a4b46ccd84e534ed61c3ae84d5aa608579afe
                                          • Instruction Fuzzy Hash: CD219231E002169BCB15CFA5D8646DEFBB2AF99304F648519E815FB341DB709D46CB60
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2870528074.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_d20000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 91cc9b50e5e03bd81f6a1ea3ccb85731da966dd54a39973febc4fe974294ddfe
                                          • Instruction ID: 93b6a9f375de120cc6bf8852d15dde9bc2c4d34af69594e2b63e1c209f91db70
                                          • Opcode Fuzzy Hash: 91cc9b50e5e03bd81f6a1ea3ccb85731da966dd54a39973febc4fe974294ddfe
                                          • Instruction Fuzzy Hash: 20213C34600255CFDB14DB74EA58BAE7BF1EF9D348B200468E406EB3A5DB319D01CBA0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2870322434.0000000000C9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C9D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_c9d000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cb131bee52b430fa632ae2220fdff145a31595c344cadfa47036e0c5d64c6ca6
                                          • Instruction ID: e9266c49723c0a16e5dabf3835be5d867779473620c758cf2bf98b6a5b676ff3
                                          • Opcode Fuzzy Hash: cb131bee52b430fa632ae2220fdff145a31595c344cadfa47036e0c5d64c6ca6
                                          • Instruction Fuzzy Hash: FB210471504304DFDF14DF14DAC8B26BBA5FB84314F24C56DD80A5B296C33AD847CA62
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2870528074.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_d20000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1a88779a26646ce1fccfd19faf26cf18441e2f6f4dd9bf5fb7d5af896f5baa37
                                          • Instruction ID: b26a6365c26807093d9204b0e33ff1504d82f95b1541bc914bc4d801cef01117
                                          • Opcode Fuzzy Hash: 1a88779a26646ce1fccfd19faf26cf18441e2f6f4dd9bf5fb7d5af896f5baa37
                                          • Instruction Fuzzy Hash: 04218D34B002658FDB24EB64D5657AE77B2AB69348F244469C405EB2A1DB368D81CFB0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2870528074.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_d20000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c223a53d084bfba988047c0799211188c8b32f941175f20955ee59299b4c88f7
                                          • Instruction ID: 02e561452f3bf53d6990748fd4bd019e3f17501765134f728d00f68be9cc5bb7
                                          • Opcode Fuzzy Hash: c223a53d084bfba988047c0799211188c8b32f941175f20955ee59299b4c88f7
                                          • Instruction Fuzzy Hash: D2215031E0021A9BDB19CFA5D86469EF7B2EF99304F64851AE815FB340DB709C45CBA0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2870528074.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_d20000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4b66d1cc838f938218d77171d9405162c0c6eb437aea92f0a89bed7cdde13cb3
                                          • Instruction ID: a4fa524ff4c66ecf6791c6c6ecc54eb0378fd73544d8a23ce7ea94adb2dc77c1
                                          • Opcode Fuzzy Hash: 4b66d1cc838f938218d77171d9405162c0c6eb437aea92f0a89bed7cdde13cb3
                                          • Instruction Fuzzy Hash: F821BB38A042618FDB356764F84877D77A1E736319F18486AE44ACB3D0DB25CC878751
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2870528074.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_d20000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b612b005c96f68248617b3fb701c3dfd34db8ffcd57e175c8de1df369fde6b52
                                          • Instruction ID: e15feb6d0d596c815100d4311bfecdf58c6ff3339478374fe29d6b260ac159e4
                                          • Opcode Fuzzy Hash: b612b005c96f68248617b3fb701c3dfd34db8ffcd57e175c8de1df369fde6b52
                                          • Instruction Fuzzy Hash: 86217C347002298FDB14EB24D5247AE77F5EBA9348F244468D406EB364DB328C81CFB1
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2870528074.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_d20000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 13e92083acb33c41af4a62bd8725f7145d57beb9de9a1094fcfa4c38eb5c2cce
                                          • Instruction ID: 59b043581ab0e30b9c5faf85b1cd4a5e2e21c5ecaffb5e3d45d781c5b576856d
                                          • Opcode Fuzzy Hash: 13e92083acb33c41af4a62bd8725f7145d57beb9de9a1094fcfa4c38eb5c2cce
                                          • Instruction Fuzzy Hash: A821663C6001119FDF12E724F884B1E7765E7B9308F148A26D006D7399DF64DC468BD1
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2870528074.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_d20000_INVOICE_MAY-888201-2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bf3e920fe7ee9499ab686e663fc8a535cb9f9ce02a827e14faa372d25fcc9505
                                          • Instruction ID: 68f92f1eef3d61794dc2a48635dad94284df5da935340515db99f16702592225
                                          • Opcode Fuzzy Hash: bf3e920fe7ee9499ab686e663fc8a535cb9f9ce02a827e14faa372d25fcc9505
                                          • Instruction Fuzzy Hash: 12110631A002188FDB10DF69E99478DFBA1FF91314F1885B5D8089F296E771DD49C7A0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2870528074.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false